Installing Tomcat SSL certificates

Installing the SSL certificate to your keystore

  1. Download your SSL certificate (your_domain_name.p7b) to the directory where you saved your keystore.

    Note:
    You must install the SSL certificate file to the same keystore and under the same alias name (i.e. "server") that you used to create your CSR.

    If you try to install it to a different keystore, the install command in the next step will not work.

  2. To install the SSL certificate file to your keystore, type the following command:

    keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_domain_name.jks

  3. You should receive the confirmation "Certificate reply was installed in keystore."
  4. If you are asked whether you want to trust the certificate, enter y or yes.
  5. Your keystore file (your_domain_name.jks) is now ready to be used on your Tomcat server.
    Now you need to configure the server to use it.

Configuring the SSL Connector

Before Tomcat can accept secure connections, you must configure an SSL connector.

  1. In a text editor, open the Tomcat server.xml file.

    The server.xml file is usually located in the conf folder in your Tomcat home directory.

  2. Locate the connector that you want to secure with the new keystore.

    Usually port 443 or 8443 is used, as shown in step 4.

  3. If necessary, uncomment the connector.

    Uncommenting means removing the comment tags (<!-- and -->).

  4. Enter the correct keystore file name and password in the connector configuration.

    When you're done, your connector should look something like this:

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
               minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
               disableUploadTimeout="true" acceptCount="100" scheme="https"
               secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
               keyAlias="server" keystoreFile="/home/user_name/your_domain_name.jks"
               keystorePass="your_keystore_password" />

    Note: If you are using a version of Tomcat before Tomcat 7, you need to change "keystorePass" to "KeyPass".

  5. Save your changes in the server.xml file.
  6. Restart Tomcat.
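
Before restarting, the edited connector can be checked offline. The following is an added example, not part of the original instructions or of Tomcat: a small Python audit of server.xml for the attribute-style connector shown in step 4. The function names and the sample XML are constructed for illustration, and keystoreFile is assumed to be an absolute path.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector in step 4 (not a real host).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             keyAlias="server" keystorePass="changeit"
             keystoreFile="/home/user_name/your_domain_name.jks" />
</Service></Server>"""


def world_readable(path):
    """True if the POSIX mode bits let any local user read the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_connectors(xml_text, config_path=None):
    """Return findings for every SSL-enabled <Connector> in server.xml text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Curly quotes or a missing space between attributes end up here.
        return [f"server.xml is not well-formed XML: {exc}"]
    findings = []
    tls = [c for c in root.iter("Connector") if c.get("SSLEnabled") == "true"]
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for c in tls:
        port = c.get("port", "?")
        for attr, want in (("scheme", "https"), ("secure", "true")):
            if c.get(attr) != want:
                findings.append(f'port {port}: {attr} should be "{want}"')
        if not c.get("keyAlias"):
            findings.append(f"port {port}: keyAlias not set")
        if c.get("keystorePass") in (None, "", "changeit"):
            findings.append(f"port {port}: keystorePass missing or default")
        ks = c.get("keystoreFile")  # assumed absolute (relative paths not resolved here)
        if not ks or not os.path.isfile(ks):
            findings.append(f"port {port}: keystoreFile not found: {ks}")
        elif world_readable(ks):
            findings.append(f"port {port}: keystore is world-readable: {ks}")
    if config_path and world_readable(config_path):
        findings.append(f"{config_path}: holds keystorePass, world-readable")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_connectors(SAMPLE_SERVER_XML)))
```

Because keystorePass is stored in clear text in server.xml, pass the file's path as config_path so its permissions are checked along with those of the keystore.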