User Tools

Site Tools

Use an SSL Certificate from a trusted third-party with Keystore Explorer

These instructions assume that a certificate is already available within a Personal Information Exchange (.pfx) file.

  • Open the .pfx file with Keystore Explorer and export both the Key pair and the certificate, using the default options.
  • Close Keystore explorer and open it again.
  • Create a new keystore of type JKS and import to it the key pair exported earlier, use the password 123123 wherever required and name the imported entry tomcat (alias).
  • Hit the Save button in Keystore Explorer and name the file easastore and save the file to <EASAROOT>\tomcat\conf.
  • If the certificate is signed by a trusted signature service provider, close Keystore Explorer and jump to Configuring EASA to use HTTPS, if the certificate is signed by an intermediate certificate authority continue with the next step.
  • Close Keystore Explorer and open it again.
  • Copy the file <EASAROOT>\jre\lib\security\cacerts to another location where the current Windows user has write access, our example uses New Folder.
  • Open the copied cacerts file with Keystore Explorer. The password is changeit.
  • Import the certificate (leave the alias as is).
    • If this is a self-signed certificate then this file was exported earlier.
    • If this is a certificate from an intermediate certificate authority,
      • Then this file is provided by the authority in the form of either of,
        • .cer file
        • .crt file

Generate a key pair and a self-signed SSL certificate using Keystore Explorer

Download and Open Keystore Explorer. (

Click on create a new Keystore,

Select JKS and click OK,

Click on Tools→Generate key pair,

Select RSA with key size 2048, then OK,

Click Edit name,

Fill in each field on the form with the relevant data. Common Name must be the name of the EASA Server. Click OK twice,

Enter tomcat as Key Pair Entry Alias. Click OK,

Enter 123123 as Key Pair Entry Password. Click OK,

Key Pair and Certificate will be created,

Click File→Save,

Enter 123123 as Password for Keystore file,

  • Select a folder in which to save the Keystore file, we use New Folder
  • Select filename easastore.jks and file type Keystore Files

Right-click tomcat and select Export Certificate Chain

  • Select,
    • Entire Chain
    • PKCS #7
    • tick PEM
    • browse to an export folder, New Folder in our example,

  • Navigate to the export folder.
  • Double-click tomcat.p7b to open the keystore with Windows Certificates Manager

Select our certificate, right-click on it, select All Tasks→Export

  • Keep all defaults, except save File Name as tomcat.cer in the export folder, New Folder
  • Click Finish

  • Close Keystore Explorer and Windows Certificates Manager.
  • Copy the file <EASAROOT>\jre\lib\security\cacerts to New Folder which has the newly created keystore and certificates.
  • Open Keystore Explorer. Select File→Open, browse to cacerts.
    • → The password is changeit

  • Click on Tools→Import Trusted Certificate

  • Select tomcat.cer and click Import

The certificate is 'self-signed' which does not involve a trusted third-party Certificate Authority so click OK to examine the certificate.

Click OK to accept the certificate,

Confirm Yes

Set the Alias to tomcat and click OK twice,

Save cacerts file and close Keystore Explorer.

Page Tools