Just for the record: It can be done. I managed to create a Java Keystore, which can be used by Tomcat.
You do need to add the privkey.pem to the JKS, but I couldn’t do so directly with keytool or Portecle and used a workaround instead.
With the help of OpenSSL you can create a PKCS12 keystore with both your certificate and the private key like so (no password for privkey.pem required):
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
I then converted this PKCS12 to a JKS:
keytool -importkeystore -deststorepass <changeit> -destkeypass <changeit> -destkeystore MyDSKeyStore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass <thePasswordUsedInTheCommandAbove> -alias tomcat
After that I added the chain.pem (although this might have been avoided with the use of -chain in the OpenSSL command, I guess):
keytool -import -trustcacerts -alias root -file chain.pem -keystore MyDSKeyStore.jks
The resulting JKS can be used in a Tomcat Connector configuration like so:
So this allows you to use your LE certificate with Tomcat =)
Hope this helps.
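
A check worth running on the finished keystore, as an added example that is not part of the original post: it reads `keytool -list -v` output and confirms that the alias is a PrivateKeyEntry whose stored certificate chain has at least the expected length, since the chain stored with the key entry is what the server presents to clients. The function names, the minimum length of 2 and the sample listing are assumptions; the listing is constructed and assumes keytool's English output.

```shell
#!/bin/sh
# Added example, not from the post. Assumes keytool's English output.
# Real use (keystore and alias names as in the post):
#   keytool -list -v -keystore MyDSKeyStore.jks | check_key_entry tomcat 2

# check_key_entry ALIAS MIN_CHAIN: reads `keytool -list -v` text on stdin.
# Returns 0 = ok, 1 = alias not found, 2 = alias is not a PrivateKeyEntry,
#         3 = chain stored with the key is shorter than MIN_CHAIN.
check_key_entry() {
    awk -v want="$1" -v min="$2" '
        { sub(/\r$/, "") }                       # tolerate CRLF output
        /^Alias name: / { alias = substr($0, 13); next }
        alias != want   { next }                 # skip other entries
        /^Entry type: / { type = substr($0, 13); seen = 1 }
        /^Certificate chain length: / { len = $NF + 0 }
        END {
            if (!seen)                     exit 1
            if (type != "PrivateKeyEntry") exit 2
            if (len < min)                 exit 3
            exit 0
        }'
}

# Constructed listing (hypothetical host name): leaf certificate only.
sample_leaf_only() {
    cat <<'EOF'
Keystore type: JKS

Alias name: root
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example.org
EOF
}

# Same listing with the intermediate attached to the key entry.
sample_with_chain() { sample_leaf_only | sed 's/chain length: 1/chain length: 2/'; }

# Demo on the constructed listings.
sample_leaf_only  | check_key_entry tomcat 2; echo "leaf only:  status $?"
sample_with_chain | check_key_entry tomcat 2; echo "with chain: status $?"
```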