SSL Certificate Installation in Tomcat Web Server

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
SSL Certificate CSR Creation :: Tomcat Keytool or try our Java Keytool CSR Wizard Java Keytool CSR Creation.

Installing the SSL Certificates to the Keystore

Learn More About Tomcat SSL
  1. Log into the DigiCert® Management Console.

  2. Download your SSL Certificate file (your_domain_name.p7b) to the directory where you saved your keystore during the CSR creation process.

    If you used our keytool CSR command generator to generate your CSR, the keystore is called your_site_name.jks.

    You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. "server") that you used to generate your CSR.
    If you try to install it to a different keystore, the install command in the next step will not work.

  3. To install the SSL Certificate file to your keystore, type the following command:

    keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

  4. You should get a confirmation stating that the "Certificate reply was installed in keystore."

  5. If asked if you want to trust the certificate, choose y or yes.

  6. Your keystore file (your_site_name.jks) is now ready to be used on your Tomcat Server. Now, you need to configure your server to use it.

Configuring your SSL Connector

Before Tomcat can accept secure connections, you need to configure an SSL Connector.

  1. In a text editor, open the Tomcat server.xml file.

    The server.xml file is usually located in the conf folder of your Tomcat's home directory.

  2. Locate the connector that you want to use the new keystore to secure.

    Usually, a connector with port 443 or 8443 is used, as shown in step 4.

  3. If necessary, uncomment the connector.

    To uncomment a connector, remove the comment tags (<!-- and -->).

  4. Specify the correct keystore filename and password in your connector configuration.

    When you are done, your connector should look something like this:

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

    Note: If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".

  5. Save your changes to the server.xml file.

  6. Restart Tomcat.

Installing Your SSL Certificates in Tomcat Web Server

How to install your SSL Digital Certificate on a Tomcat server.

Pasos para el Tomcat Instalar Certificado SSL a su servidor.