How do we import a vendor supplied certificate into Service Desk's Tomcat?
search cancel

How do we import a vendor supplied certificate into Service Desk's Tomcat?


Article ID: 53827


Updated On:


CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service CA Service Desk Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager


This document provides a sample list of steps for importing a VeriSign certificate into Service Desk's tomcat.


    Component: ARGIS



    The CA Service Desk Implementation Guide provides steps on how to import a "self-signed" certificate into Tomcat.
    However, the steps are not the same for a VeriSign supplied certificate.

    The following is an example and may vary slightly depending on the product/certificate purchased from VeriSign.

    Steps to install Certificate from VeriSign into Tomcat

    1. Follow the steps listed on the VeriSign site depending on the type of purchase made ("Secure Site", "Secure Site Pro", etc...):

      When prompted for the certificate type, be sure to request the Microsoft PKCS7 format.
      The java "keytool" should be able to read these without issue.
    2. Import the certificate received from VeriSign:
      keytool -import -trustcacerts -file c:\newcert.crt -file "c:\.keystore" -alias tomcat
      Note: the Microsoft pkcs7 format should have the VeriSign intermediate certificates.

      Edit the Service Desk\bopcfg\www\CATALINA_BASE\conf\server.xml in a text editor.
      Locate the SSL connector section.
      Uncomment it as appropriate.
      Edit as shown in the Windows example below where the location of the ".keystore" file is under "c:\cert\":
      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
              <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
            acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
            <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" keystoreFile="C:\cert\.keystore" keystorePass="changeit" />
    3. Recycle Service Desk Tomcat:
      pdm_tomcat_nxd -c stop
      pdm_tomcat_nxd -c start

    Additional Information

    A more in depth analysis of applying SSL to a given Tomcat install is available.  Please review the following documentation link:

    The information in this article has been included in our product documentation. You can find further details here: