Steps for setting up double (two-way) SSL certificates:
Step 1
Create a Keystore:
Command : keytool -genkey -v -alias tomcat -keyalg RSA -validity 3650 -keystore yourcompany.keystore
This leads to a series of questions. I give the password "changeit" wherever one is required and answer the prompts as follows:
First and Last Name: localhost/IP Address
Organization Unit: IT
Organization Name: Your company name
City:
State: Karnataka
Country (two letter code): IN
Step 2
Creating Client cert and Keys
Command: keytool -genkey -v -alias KumarPallavCert -keyalg RSA -storetype PKCS12 -keystore KumarPallav.p12
Password: changeit
First Name or Last Name
The rest of the details are the same as in the first step.
Step 3
Adding Certificate Public key to keystore
Command: keytool -export -alias KumarPallavCert -keystore KumarPallav.p12 -storetype PKCS12 -rfc -file kumarpallav.cer
Step 4
Command: keytool -import -v -file kumarpallav.cer -keystore yourcompany.keystore -alias KumarPallavCert
Password: changeit
Configuring server.xml in tomcat/conf
Add the following lines:
<Connector port="8443" minProcessors="5" maxProcessors="75"
           protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="yourcompany.keystore"
           keystorePass="changeit"
           truststoreFile="yourcompany.keystore"
           truststorePass="changeit"
/>
NB: Put yourcompany.keystore inside the Tomcat root directory (for example ApacheTomcat6.0.14), alongside the conf, bin, etc. directories.
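A check for the Connector configured above, as an added example that is not part of the original page: it parses a server.xml and reports SSL connectors that do not require client certificates, reuse the keystore as the truststore, or keep the "changeit" password. The function name, the finding labels and the embedded sample XML are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the Connector shown on this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
             keystoreFile="yourcompany.keystore" keystorePass="changeit"
             truststoreFile="yourcompany.keystore" truststorePass="changeit"/>
</Service></Server>"""

DEFAULT_PASSWORD = "changeit"  # the password used throughout this page


def audit_connectors(server_xml):
    """Return (port, finding) pairs for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, out of scope here
        port = conn.get("port", "?")
        client_auth = conn.get("clientAuth", "false").lower()
        # Only clientAuth="true" makes the handshake fail without a client cert.
        if client_auth != "true":
            findings.append((port, "client-cert-not-required"))
        keystore = conn.get("keystoreFile")
        truststore = conn.get("truststoreFile")
        # Client certs are requested but the Connector names no truststore.
        if client_auth in ("true", "want") and not truststore:
            findings.append((port, "truststore-not-set"))
        # One file (and one password) holds the server key and the client trust list.
        if keystore and keystore == truststore:
            findings.append((port, "keystore-reused-as-truststore"))
        for attr in ("keystorePass", "truststorePass"):
            if conn.get(attr) == DEFAULT_PASSWORD:
                findings.append((port, "default-" + attr))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```
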