SSL Installation: Tomcat
Make sure you have all the following files saved before proceeding:
Your Server Certificate - This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
Intermediate Certificates - These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle.
Your Private Key - This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
Convert your certificate files from PEM (.cer or .crt) to PKCS#7 (.p7b) Format, find instructions here: Converting a PFX file to PEM, SPC, and PVK files
Note: This file is usually pre-installed on your server or device. You can always install it again to ensure the correct certificate chain is built.
Note: If you have two intermediate files, upload the second file as the Root CA Certificate. This will allow you to still build the correct certificate chain since the Root should be pre-installed on your server or device.
Note: You must install the certificate on the same keystore and under the same "alias name." If not, you will encounter problems during installation and may have to start over.
Note: The .xml file is generally stored in the conf folder in your server's home directory.
Note: Typically, the connector used has port 443 or 8443.
< Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_domain_name.jks" keystorePass="your_keystore_password" />
Note: If you are using a version prior to Tomcat 7, please change the word "keystorePass" to "keypass".
Congratulations! You've successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.