Can Let's Encrypt output (.pem) be used to generate a tomcat keystore / certstore?

certbot successfully returns the .pem files (privkey.pem, fullchain.pem, chain.pem). Is there any documentation on how to use these files to generate the desired files for usage with tomcat (tomcat-keystore.p12, tomcat-certstore.jks)?

Thanks,
1 Like

Yes, there is some documentation for that. In OpenSSL manpages :smiley:

2 Likes

Modern tomcat versions also support using pem files directly, without need to convert to p12: see "Enabling SSL on tomcat using pem file" on Stack Overflow.

If you want a p12 file, you can use openssl command line to convert; I don't believe certbot supports outputting those files directly. jks is deprecated in the java ecosystem as well, and I wouldn't recommend that; there are few tools for dealing with jks.

I haven't used it personally, but there are also projects such as acme4j which you may be able to incorporate into whatever you're running on tomcat to handle certificates directly in your Java code: acme4j.

Finally, I personally have found the performance of Java's TLS stack to be lacking sometimes compared to alternatives, and it's often better to run something like nginx, traefik, or caddy as a reverse proxy in front of tomcat to handle TLS and other tasks like serving assets. But that's a bigger change, far more than what you asked for help with :slight_smile:

5 Likes
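The OpenSSL conversion mentioned in the reply above, as an added example that is not part of the original thread: a shell function that builds a PKCS#12 keystore from certbot's `privkey.pem` and `fullchain.pem`, refusing to package a key that does not match the leaf certificate and keeping the keystore owner-readable only. The function name `pem_to_p12`, the alias `tomcat`, the `P12_PASS` variable and the return codes are assumptions made for this example.

```shell
# Added example, not code from the thread. Assumed names: pem_to_p12, alias
# "tomcat", keystore password taken from the P12_PASS environment variable.
# Usage: P12_PASS=... pem_to_p12 <dir with privkey.pem + fullchain.pem> <out.p12> [alias]
pem_to_p12() {
  local live_dir="$1" out="$2" alias="${3:-tomcat}"
  local key="$live_dir/privkey.pem" chain="$live_dir/fullchain.pem"
  local cert_pub key_pub tmp

  [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 2; }
  [ -r "$key" ] && [ -r "$chain" ] || { echo "PEM files missing in $live_dir" >&2; return 2; }
  export P12_PASS   # openssl reads it via env:, so it never appears in the process list

  # The first certificate in fullchain.pem is the leaf. Its public key must be
  # the one derived from privkey.pem, otherwise Tomcat would fail at startup.
  cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 3
  key_pub=$(openssl pkey -in "$key" -pubout) || return 3
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match leaf certificate" >&2
    return 3
  fi

  # mktemp creates the file with mode 0600; build there, verify, then rename so
  # a running Tomcat never sees a half-written keystore.
  tmp=$(mktemp "${out}.XXXXXX") || return 4
  if openssl pkcs12 -export -inkey "$key" -in "$chain" -name "$alias" \
        -passout env:P12_PASS -out "$tmp" \
     && openssl pkcs12 -in "$tmp" -passin env:P12_PASS -noout; then
    mv "$tmp" "$out"
  else
    rm -f "$tmp"
    return 4
  fi
}
```

Tomcat can then load the result through the connector's `certificateKeystoreFile` with `certificateKeystoreType="PKCS12"`; running the function again after each renewal keeps the keystore in step with the PEM files.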
