To use the certificate with Apache Tomcat, you must create a JKS file. To create a JSK file from an existing x509 certificate:
Convert the x509 certificate to the p12 format using the command below. The system will ask you to create an export password after the command. Define a password.
openssl pkcs12 -export -in <company-name.crt> -inkey <company-name.key> -certfile <company-name.crt> -out <company-name.keystore.p12>
Using the new p12 file, run the command below to create the JKS file. The system will ask you to create a destination KeyStore password after the command. Define a password. The system will then ask you for the source KeyStore password, which was created in the previous step as the export password.
/usr/java/jdk1.8.0_131/jre/bin/keytool -importkeystore -srckeystore <company-name.keystore.p12> -srcstoretype pkcs12 -destkeystore <company-name.jks> -deststoretype JKS
By default, the JKS alias is set as 1. If you want to change the JKS alias or password, use the following commands:
keytool -changealias -keystore <path/to/jks> -alias
keytool -keypasswd -alias -keystore <path/to/jks>