Tomcat (Keytool) SSL Certificate Installation Instructions

Generating a CSR in Tomcat server

Install the SSL Certificates to the Keystore:

1. First, Log on to the Management Console.

2. Next, Download the SSL Certificate file which is saved as your_domain_name.p7b to the place in which you saved the Keystore during the CSR Creation process.

NOTE: Install the SSL Certificate file to the same Keystore and under the generic name "Server" in which you used to generate the CSR. It is imperative that you do NOT install it to a different Keystore, because if it is not located within the same location, then the Install Command in the next step will NOT work.

3. Type the following command in order to install the SSL Certificate file: keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

4. Now, you should have received the following confirmation, "Certificate reply was installed in keystore."

5. Make sure you select "Yes" when asked to "Trust the Certificate."

6. Now, your Keystore File which is saved as your_site_name.jks can not be used on the Tomcat Server. Next, configure the server in order to use it.

Configure the SSL Connector:

1. In order for the Tomcat can accept Secure Connections, you must configure the SSL Connector.

2. Open the Tomcat server.xml file in the Text Editor. You can find the server.xml file located in the configuration folder of your Tomcat's Home Directory.

3. Next, locate the connector in which you wish to secure the new Keystore. A connector with port 443 or 8443 is used.

4. You may have to uncomment the connector, and remove the comment tags ().

5. Next, in your connector configuration specify the Keystore filename and password. The connector should look like: < Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

NOTE: If you are using a version of Tomcat prior to Tomcat 7, change "KeystorePass" to "Keypass."

6. Next, SAVE the changes to the server.xml file.

7. Now you must Restart Tomcat.

Generating a CSR in Tomcat server
Back To Guides