java - Configuring Tomcat to use Windows Certificate Store for SSL

Question

I've deployed a number of SSL configurations, including both Tomcat (cacerts + keytool) and IIS (Windows Certificate Store + netsh http sslcert) so I'm familiar with these procedures.

Has anyone come up with a way to point Tomcat's SSL connector to a Windows Store (i.e. configuration, extension, plugin, etc.)? Just looking to centralize management of SSL deployments to one store, vs. having multiple stores.

Answer 1

According to the answer on "SSL enabling in Tomcat Windows server" you can specify keystore type as "Windows-My" in configuration of connector in server.xml, it worked for me on Tomcat 8.0.22 as well

<Connector port="8443" 
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           maxThreads="150" 
           scheme="https" 
           secure="true"
           keyAlias="<alias of the cert>"
           keystoreFile=""
           keystoreType="Windows-My"
           clientAuth="false" 
           sslProtocol="TLS"
           keepAliveTimeout="200000" />