Tomcat Web Server SSL Certificate Installation

SSL Certificate Installation in Tomcat Web Server

Installing The Certificates to the Keystore

  1. Download your SSL Certificate file (your_domain_name.p7b) from your DigiCert Web-PKI Customer Account to the directory where your keystore (your_site_name.jks if you used our keytool CSR command generator) was saved during the CSR creation process.

    ***NOTE***: The certificate must be installed to the same keystore that was used to generate your CSR. If you try to install it to a different keystore it will not work.

  2. Install the Certificate file to your keystore:

    Type the following command to install the certificate file:

    keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks

    You should get a confirmation stating that the "Certificate reply was installed in keystore".

    If it asks whether you want to trust the certificate, choose y or yes.

    The installation of this one file will load all of the necessary certificates to your keystore. Your keystore file (your_site_name.jks) is now ready to use on your Tomcat Server and you just need to configure your server to use it.

Configuring your SSL Connector

Tomcat will first need an SSL Connector configured before it can accept secure connections.

**Note: By default, Tomcat looks for your keystore under the file name .keystore in the home directory, with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. It is possible to change the filename, the password, and even the location where Tomcat looks for the keystore. If you need to do this, pay special attention to #8 of Option 1 or #5 of Option 2 below.

Option 1 -- Add an SSL Connector using admintool:

  1. Start Tomcat.
  2. Enter 'http://localhost:8080/admin' in a local browser to start admintool.
  3. Type a username and password with administrator rights.
  4. On the left select service (Java Web Services Developer Pack).
  5. Select Create New Connector from the drop-down list on the right.
  6. Choose HTTPS in the Type field.
  7. In the Port field, enter 443. This defines the TCP/IP port number on which Tomcat will listen for secure connections.
  8. Enter the Keystore Name and Keystore Password if your keystore is named something other than .keystore, if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if the password is something other than the default value of changeit. If you have used the default values, you can leave these fields blank.
  9. Select Save to save the new Connector.
  10. Select Commit Changes to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started.

Option 2 -- Configure the SSL Connector in server.xml:

  1. Copy your keystore file (your_domain.key) to the home directory (see the **Note above).
  2. Open the file Home_Directory/conf/server.xml in a text editor.
  3. Uncomment the SSL Connector Configuration.
  4. Make sure that the Connector Port is 443.
  5. If your keystore filename is something other than the default file name (.keystore) and/or your keystore password is something other than the default (changeit), you will need to specify the correct keystore filename and/or password in your connector configuration, for example keypass="newpassword".

    When you are done, your connector should look something like this:

    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks"
               keypass="your_keystore_password" />

  6. Save the changes to server.xml.
  7. Restart Tomcat.
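
To confirm that a saved server.xml does not silently fall back to the defaults described in the **Note above, the following added example (not part of the original DigiCert instructions) checks each HTTPS connector for a missing or default keystore password, a missing keystoreFile, an alias other than the one used at import, and a port other than 443. The function name and the sample XML are constructed for illustration; keystorePass is Tomcat's other attribute name for the keystore password and is accepted here alongside the keypass attribute used on this page.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "changeit"   # Tomcat default named in the note above
DEFAULT_KEYSTORE = ".keystore"  # default file name in the home directory

# Constructed sample: one connector as on this page, one relying on defaults.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
               keyAlias="server"
               keystoreFile="/home/user_name/your_site_name.jks"
               keypass="your_keystore_password" />
    <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" />
  </Service>
</Server>
"""

def audit_ssl_connectors(xml_text, expected_alias="server"):
    """Return {port: [findings]} for every HTTPS connector in server.xml."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP connector, nothing to check
        findings = []
        # This page uses keypass; keystorePass is the other accepted name.
        password = conn.get("keystorePass") or conn.get("keypass")
        if password is None:
            findings.append("no password set: Tomcat will try 'changeit'")
        elif password == DEFAULT_PASSWORD:
            findings.append("keystore still uses the default password")
        if conn.get("keystoreFile") is None:
            findings.append("no keystoreFile: Tomcat will look for ~/" + DEFAULT_KEYSTORE)
        if conn.get("keyAlias") != expected_alias:
            findings.append("keyAlias is not '%s', the alias used at import" % expected_alias)
        if conn.get("port") != "443":
            findings.append("port is not 443")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_ssl_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the connector names its keystore, password and alias explicitly; because the password sits in server.xml in clear text, that file should be readable only by the account that runs Tomcat.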
