How to setup your SSL Certificate for Tomcat Web Server?


If you are installing an EV SSL Certificate, please follow our Tomcat EV SSL Certificate Installation Instructions. Otherwise, please follow these instructions to install your SSL certificate on Tomcat Web Server.


Installing the Certificates to the Keystore

Note: The certificate must be installed to the same keystore that was used to generate your CSR.

1. Once you received your SSL certificate by e-mail, please copy and paste it into a text file (with Notepad or Wordpad). Include the tags -----BEGIN CERTIFICATE----- before the code, and -----END CERTIFICATE----- at the end of the code. Save the file with the sslcert.crt extension.

2. Get your Root certificate. Copy and paste the content into a root.crt file by using a text editor software (such as Notepad or Wordpad).

3. Launch the following commands:

keytool -import -alias root -keystore "your_keystore_filename" -trustcacerts -file root.crt

The root certificate was imported to you keystore. Now you can import your SSL certificate with the following command :

keytool -import -alias sslcert -keystore "your_keystore_filename" -file sslcert.crt

Note: The keyword after "-alias" is the unique friendly name you assigned to each certificate when generating your private key and CSR.


Update server.wml configuration file

1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor (located in the conf folder of your Tomcat's home directory).

2. Find the connector that will be secured with the new kestore and uncomment if necessary.

3. Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keypass="your_keystore_password" />

4. Save your changes.

5. Restart Tomcat.