Install OpenSSL private key and authentic CA certs on Tomcat server


My situation is this: my colleague generated the CSR and private key using OpenSSL, following the instructions for Apache server. We received the certificates from VeriSign. However, my Tomcat setup doesn't want to use Apache as the frontend, and therefore I have to figure out a way to install the certificates on Tomcat, as the instructions are quite different from Apache's. Tomcat's CSR/private key generation uses the keytool, as instructed by VeriSign. We requested support from VeriSign and they told us it's not possible and we have to PAY and RE-REQUEST the certificate. What the heck... As I researched online, I found many resources describing many ways to install the key and certificates into Tomcat.

However, this surely isn't simple stuff. It took me 1 1/2 days of research/digging to finally come to a solution that works. I also saw that many others have resorted to paying for another certificate instead.

Thanks to many others for the help. Here is the URL of the solution that I found:

http://www.agentbob.info/agentbob/79-AB.html

The author's solution may not work, though; it's the last commenter's solution that worked for me!

Here are the steps:

1) Convert your OpenSSL-generated private key, VeriSign's cert, the root cert, and any intermediate cert into DER format (run the x509 command once for each certificate):

openssl pkcs8 -topk8 -nocrypt -in site_key.pem -inform PEM -out site_key.der -outform DER
openssl x509 -in site_cer.pem -inform PEM -out site_cer.der -outform DER

2) Combine all three (or two) certificates into one file:

cat site_cer.der intermediateCA_cer.der rootCA_cer.der > site_all_cer.der

3) Use the modified ImportKey.java tool (see the attachment) to import the key and certs:

java ImportKey site_key.der site_all_cer.der 

4) Here is the shell script provided by the commenter:

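# Java tools (javac, java, keytool) must be on the PATH
JAVA_HOME=/usr/java/latest
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

# Base name of the key and certificate files
THE_NAME=www.dummy.org
export THE_NAME

# Remove any existing keystores
rm -f /root/.keystore
rm -f /usr/share/tomcat5/.keystore

# Private key: PEM -> unencrypted PKCS#8 DER
openssl pkcs8 -topk8 -nocrypt -in "${THE_NAME}_key.pem" -inform PEM -out "${THE_NAME}_key.der" -outform DER

# Certificates: PEM -> DER
openssl x509 -in rootCA_cer.pem -inform PEM -out rootCA_cer.der -outform DER
openssl x509 -in intermediateCA_cer.pem -inform PEM -out intermediateCA_cer.der -outform DER
openssl x509 -in "${THE_NAME}_cer.pem" -inform PEM -out "${THE_NAME}_cer.der" -outform DER

# Chain in one file: site certificate, intermediate, root
cat "${THE_NAME}_cer.der" intermediateCA_cer.der rootCA_cer.der > "${THE_NAME}_all_cer.der"

# Compile and run the ImportKey tool
javac *.java
java ImportKey "${THE_NAME}_key.der" "${THE_NAME}_all_cer.der"

# Install the resulting keystore for root and for Tomcat
cp /root/keystore.ImportKey /root/.keystore
cp /root/.keystore /usr/share/tomcat5/.keystore

# List the keystore contents to confirm the import
keytool -keypass changeit -storepass changeit -list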

5) Configure your Tomcat connector to point to the keystore file and provide the keypass (note: there is no need to specify keyAlias).
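
Before running ImportKey, it is worth confirming that the key converted in step 1 really belongs to the site certificate, since a mismatched pair only shows up later as a failed TLS handshake. The script below is an added example, not part of the original post or the commenter's script; the function names and the throwaway self-signed sample files are constructed for illustration. Note that -nocrypt leaves the private key unencrypted on disk, so the sample is written under a restrictive umask.

```shell
#!/bin/sh
# Added example: check that a DER private key and a DER certificate hold the
# same public key. Function and file names are hypothetical.

# PEM public key taken from a DER PKCS#8 private key (output of step 1)
key_pub()  { openssl pkey -in "$1" -inform DER -pubout 2>/dev/null; }

# PEM public key taken from a DER certificate (output of step 1)
cert_pub() { openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null; }

# 0 = same public key, 1 = different keys, 2 = a file could not be parsed
key_matches_cert() {
    k=$(key_pub "$1")  || return 2
    c=$(cert_pub "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample input: a throwaway self-signed pair named "$2" in
# directory "$1", converted to DER with the same commands as step 1.
make_sample() {
    ( cd "$1" && umask 077 &&   # keep the unencrypted key private
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
          -keyout "${2}_key.pem" -out "${2}_cer.pem" 2>/dev/null &&
      openssl pkcs8 -topk8 -nocrypt -in "${2}_key.pem" -inform PEM \
          -out "${2}_key.der" -outform DER &&
      openssl x509 -in "${2}_cer.pem" -inform PEM \
          -out "${2}_cer.der" -outform DER )
}

# Demo: the matching pair passes, a key from another request is rejected.
demo() {
    d=$(mktemp -d) || return 2
    make_sample "$d" www.dummy.org && make_sample "$d" other.dummy.org || return 2
    good=0; key_matches_cert "$d/www.dummy.org_key.der" "$d/www.dummy.org_cer.der" || good=$?
    bad=0;  key_matches_cert "$d/other.dummy.org_key.der" "$d/www.dummy.org_cer.der" || bad=$?
    rm -rf "$d"
    echo "matching pair: $good, mismatched pair: $bad"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

With real files, call key_matches_cert site_key.der site_cer.der and continue to step 3 only when it returns 0.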