You can use PKCS12 keystores instead of JKS-format client certificates.
The previous sections assume that the Tomcat application server is using a JKS-format client certificate. However, Tomcat server versions 5.0 and higher support the use of PKCS12 keystores. Therefore, you can use the eneCert.p12 certificate key that you generated with the enecerts utility.
To set up a PKCS12 keystore on a Tomcat server:
# Default keystore type.
keystore.type=pkcs12

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreType="PKCS12"
    keystoreFile="C:\Endeca\MDEXEngine\workspace\etc\eneCert.p12"
    keystorePass="endeca"
    truststoreType="PKCS12"
    truststoreFile="C:\Endeca\MDEXEngine\workspace\etc\eneCert.p12"
    truststorePass="endeca"
/>

@echo off
setlocal
set CLIENT_CERT=C:\Endeca\MDEXEngine\workspace\etc\eneCert.p12
set CATALINA_OPTS=-Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStore=%CLIENT_CERT% -Djavax.net.ssl.keyStorePassword=endeca -Djavax.net.ssl.trustStore=%CLIENT_CERT% -Djavax.net.ssl.trustStorePassword=endeca
cd c:\tomcat\bin
call c:\tomcat\bin\startup.bat
endlocal
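
The following is an added example, not part of the original documentation or of Tomcat: a small Python check that reads a server.xml and reports how each SSL connector's keystore and truststore attributes are set, using the connector above as constructed sample input. The function name audit_connectors and the wrapping Server/Service elements are assumptions, as is the defaulting rule (an omitted keystoreType means JKS, and an omitted truststoreType follows keystoreType).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page, wrapped in a minimal server.xml.
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreType="PKCS12"
             keystoreFile="C:\Endeca\MDEXEngine\workspace\etc\eneCert.p12"
             keystorePass="endeca" truststoreType="PKCS12"
             truststoreFile="C:\Endeca\MDEXEngine\workspace\etc\eneCert.p12"
             truststorePass="endeca" />
</Service></Server>
"""

PKCS12_SUFFIXES = (".p12", ".pfx")


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("secure", "false").lower() != "true":
            continue  # not an SSL connector, nothing to check
        port = conn.get("port", "?")
        for kind in ("keystore", "truststore"):
            path = conn.get(kind + "File")
            if path is None:
                continue
            # Assumption: omitted keystoreType means JKS; omitted
            # truststoreType falls back to the keystoreType value.
            default = "JKS" if kind == "keystore" else conn.get("keystoreType", "JKS")
            store_type = conn.get(kind + "Type", default).upper()
            if path.lower().endswith(PKCS12_SUFFIXES) and store_type != "PKCS12":
                findings.append((port, f"{kind}File is PKCS12 but {kind}Type is {store_type}"))
            if conn.get(kind + "Pass") is not None:
                findings.append((port, f"{kind}Pass is stored in clear text in server.xml"))
        if conn.get("truststoreFile") and conn.get("clientAuth", "false").lower() == "false":
            findings.append((port, "truststore set but clientAuth=false: client certificates are not requested"))
        if conn.get("keystoreFile") and conn.get("keystoreFile") == conn.get("truststoreFile"):
            findings.append((port, "truststore file also holds the server private key"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

Removing keystoreType="PKCS12" from the sample makes the check report the type mismatch that this procedure is meant to avoid.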