# External Certificate

## Acquire certificate

Buy a certificate from a provider. Note that the maximum lifetime is currently 1 year, so buying a 5-year certificate only helps on pricing.

```
 https://www.ssls.com/
```

After the certificate has been issued you will have the following files:

- A private key - ex: movia.tempusserva.dk.pfx
- A certificate - ex: movia\_tempusserva\_dk\_key.txt

## Install certificate

1\. Upload the files

2\. Convert to a pfx file format

```
openssl pkcs12 -export -out movia.tempusserva.dk.pfx -inkey movia_tempusserva_dk_key.txt -in movia.tempusserva.dk.crt
```

Write the password down

Check alias if needed

```bash
openssl pkcs12 -nokeys -info -in movia.tempusserva.dk.pfx -passin pass:TempusServaFTW!
```

4\. Install in Tomcat: add the following code to &lt;tomcat&gt;\\conf\\server.xml

```xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" URIEncoding="UTF-8"
   scheme="https" secure="true" maxHttpHeaderSize="8192"
   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
   enableLookups="false" acceptCount="100" disableUploadTimeout="true"
   keystoreFile="/mnt/sda/certs/movia.tempusserva.dk.pfx" keystorePass="TempusServaFTW!" keystoreType="PKCS12"
   clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" 
   ciphers="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_RSA_WITH_AES_256_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_RSA_WITH_AES_256_CBC_SHA256,
            TLS_RSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
   compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
       compressableMimeType="text/html,text/xml,text/plain,application/xml"
/>

```

5\. Restart the server
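
The conversion step above with pre-flight checks, as an added example that is not part of the original page: it confirms that the private key and the certificate belong together and that the certificate has not expired before building the keystore, and it reads the keystore password from a file instead of the command line. The function names and the password-file argument are assumptions of this example; the key is assumed to be an unencrypted PEM file.

```bash
#!/bin/sh
# Added example (not from the original page). All file names are arguments.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = private key (PEM, unencrypted), $2 = certificate (PEM)
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Build the PKCS#12 keystore. The password is read from the first line of a
# file, so it never appears in argv, `ps` output or shell history.
build_pfx() {   # $1 = key, $2 = cert, $3 = output .pfx, $4 = password file
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    cert_valid_for_days "$2" 0 || { echo "certificate has expired" >&2; return 1; }
    # umask 077 makes the keystore readable by its owner only.
    ( umask 077
      openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout "file:$4" ) || return 1
    # Re-open the keystore to confirm that the password and MAC verify.
    openssl pkcs12 -in "$3" -noout -passin "file:$4" 2>/dev/null
}
```

Keep the password file itself at mode 600 and outside any directory that is backed up or version-controlled together with server.xml.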