Tomcat SSL Installation Instructions

Installing the Certificates to the Keystore

  1. Download your certificate files from your certificate authority and save them to the same directory as the keystore that you created during the CSR creation process. The certificate will only work with the keystore that you originally generated the CSR from, because that keystore holds the matching private key. The certificates must be installed into your keystore in the correct order: root first, then intermediate, then your primary certificate.
  2. Install the Root Certificate file: Every time you install a certificate to the keystore you must enter the keystore password that you chose when you generated it. Enter the following command to install the Root certificate file:

    keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key

  3. If you receive a message that says "Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:", answer Yes. If successful, you will see "Certificate was added to keystore".

  4. Install the Intermediate Certificate file: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:

    keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key

    If successful, you will see "Certificate was added to keystore".

  5. Install the Primary Certificate file: Type the following command to install the Primary certificate file (for your domain name):

    keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key

    If successful, you will see "Certificate reply was installed in keystore". Note the different wording: this message means the certificate was matched to the private key under the alias you used for the CSR, whereas "Certificate was added to keystore" at this step means it was stored as a separate trusted certificate and the alias did not match. You now have all the certificates installed in the keystore file. You just need to configure your server to use the keystore file.
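    The three imports above, with a check on what keytool actually reported, as an added example that is not part of the original page. It assumes the page's placeholder file names, that `tomcat` is the alias the key pair and CSR were generated under, and that the keystore password is supplied in the STOREPASS environment variable.

```shell
#!/bin/sh
# Added example, not code from the page: import a CA-issued chain into the keystore that holds
# the CSR's private key, in the order the page gives (root, intermediate, primary), then verify
# the primary certificate was attached to that private key rather than stored as a loose trusted
# cert. Assumed: alias "tomcat" was used for the key pair and CSR; STOREPASS holds the password.
set -eu
KEYSTORE=${KEYSTORE:-keystore.key}
KEY_ALIAS=${KEY_ALIAS:-tomcat}

# keytool ends a successful import with one of two messages. "Certificate reply was installed"
# means the cert was matched to the private key; "Certificate was added" means it went in as a
# stand-alone trusted cert, which is right for the CA certs but wrong for the primary one.
classify_import() {
    case "$1" in
        *"Certificate reply was installed in keystore"*) echo reply ;;
        *"Certificate was added to keystore"*)          echo trusted ;;
        *)                                              echo failed ;;
    esac
}

# Read "Certificate chain length: N" out of keytool -list -v output for one alias (0 if absent).
chain_length() {
    n=$(printf '%s\n' "$1" | sed -n 's/^Certificate chain length: *\([0-9]*\).*/\1/p' | head -n 1)
    echo "${n:-0}"
}

# Import one file under one alias; -noprompt answers Yes to the step 3 question about cacerts.
import_cert() { # alias file expected_kind
    out=$(keytool -import -trustcacerts -noprompt -alias "$1" -file "$2" \
          -keystore "$KEYSTORE" -storepass "$STOREPASS" 2>&1) || true
    kind=$(classify_import "$out")
    [ "$kind" = "$3" ] && return 0
    printf 'import of %s as %s: expected %s, got %s\n%s\n' "$2" "$1" "$3" "$kind" "$out" >&2
    return 1
}

install_chain() {
    import_cert root         RootCertFileName.crt         trusted
    import_cert intermediate IntermediateCertFileName.crt trusted
    import_cert "$KEY_ALIAS" PrimaryCertFileName.crt      reply
    listing=$(keytool -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$KEY_ALIAS")
    printf '%s\n' "$listing" | grep -q '^Entry type: PrivateKeyEntry' \
        || { echo "$KEY_ALIAS is not a private key entry: was the CSR made in this keystore?" >&2; return 1; }
    [ "$(chain_length "$listing")" -ge 3 ] \
        || { echo "chain shorter than 3: a CA certificate is missing from the reply" >&2; return 1; }
    echo "chain installed under alias $KEY_ALIAS ($(chain_length "$listing") certificates)"
}

# Only run the import when invoked as "sh install_chain.sh install"; otherwise just define helpers.
if [ "${1:-}" = install ]; then install_chain; fi
```

    If the final import reports "Certificate was added to keystore" rather than "Certificate reply was installed", the alias did not match the private key entry and Tomcat will not serve that certificate.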

Configuring your SSL Connector

    Tomcat requires an SSL Connector to be configured before it can accept secure connections.

    By default Tomcat looks for your Keystore with the file name .keystore in the home directory with the default password "changeit". The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. You will be able to change the password and file location.

    1. Copy your keystore file (your_domain.key) to the home directory.
    2. Open the file ${CATALINA_HOME}/conf/server.xml in a text editor.
    3. Uncomment the SSL Connector Configuration.
    4. Make sure that the Connector Port is 443.
    5. Make sure the keystorePass matches the password for the keystore and the keystoreFile contains the path and filename of the keystore.
    When you are done, your connector should look something like this:

      <Connector className="org.apache.catalina.connector.http.HttpConnector"
                 port="8443" minProcessors="5" maxProcessors="75"
                 enableLookups="true" acceptCount="10" debug="0"
                 scheme="https" secure="true">
        <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
                 clientAuth="false" protocol="TLS"
                 keystoreFile="/working/mykeystore" keystorePass="password"/>
      </Connector>

    6. Save the changes to server.xml.
    7. Restart Tomcat.

Tomcat SSL Installation Instructions Comments

iTwin, Reply #3 on Thu August 16, 2012, 04:17:19
It requires exporting to PKCS12 format and importing to JKS format
We had an SSL certificate issued from GoDaddy.com which comes with 3 separate files (root, intermediate and actual certificate file). The above procedure did not work in our case. We had to export the certificates to PKCS format and later import them back into the JKS store (i.e. some_file.jks).

Srinivas, Reply #2 on Mon January 23, 2012, 13:57:46
Reg SSL certificate
Next you need to get a crt file, either from a third party (mostly for prod env) or a self-signed certificate.

Manoj, Reply #1 on Fri December 02, 2011, 01:34:52
SSL certificate
I have created a .csr file and I would like to know what the next step is to create a proper certificate that can be used in the server.xml file.

Looking forward to your reply ASAP.

With regards
Manoj
