Tomcat Certificate installation instructions
When you receive the certificate, save it in a text file (using Notepad, for example) named certificate.txt. Please remember to download the certificate in PKCS#7 format, as keytool prefers this format, which contains both your issued certificate and all the signer certificates in the chain.
If you did not receive your certificate, please download it using the instructions in the following Knowledge Base solution: vs7791
Please use the following command to import the certificate into your keystore:
keytool -import -alias [keyEntry_name] -trustcacerts -file certificate.txt -keystore [keystore_name]
In the example in this screenshot we are using a Test Certificate.

Note: If you did not specify a keystore name when the keystore was originally generated, please omit the -keystore parameter from the command.
When you execute this command you will be prompted for the keystore password. Please specify the password you set when you generated the keystore.
When importing the certificate into your keystore, use the same alias as the private key the certificate request (CSR) was created from (this will be the keyEntry listed in your keystore) and use the '-trustcacerts' parameter in your keytool -import command. If you do not specify the alias of the keyEntry, your certificate will not be tied to the private key and you will not be able to use the certificate properly.
If you are unsure of the alias for the KeyEntry please use the following command to check the output from the keystore in order to verify the keyEntry name (alias):
keytool -list -keystore [keystore_name] -v
In the example in this screenshot the alias is “tomcat”.
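A check to run after the import, as an added example that is not part of the original instructions: it parses `keytool -list -v` output and confirms that the alias is a PrivateKeyEntry whose chain includes the signer certificates. The sample listing is constructed, and the function names parse_entries and check_alias are hypothetical.

```python
import re

# Constructed, abridged `keytool -list -v` output (English locale assumed).
# "mykey" is keytool's default alias, used when -alias is omitted on import.
SAMPLE = """\
Alias name: tomcat
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com, O=Example Org, C=US

Alias name: mykey
Creation date: Jan 1, 2020
Entry type: trustedCertEntry

Owner: CN=www.example.com, O=Example Org, C=US
"""

def parse_entries(listing):
    """Map each alias to its entry type and certificate chain length."""
    entries, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        if m := re.match(r"Alias name:\s*(.+)", line):
            current = entries.setdefault(m.group(1), {"type": None, "chain_length": 0})
        elif current is None:
            continue  # header lines before the first entry
        elif m := re.match(r"Entry type:\s*(\S+)", line):
            current["type"] = m.group(1)
        elif m := re.match(r"Certificate chain length:\s*(\d+)", line):
            current["chain_length"] = int(m.group(1))
    return entries

def check_alias(listing, alias):
    """Return a list of problems for alias; an empty list means the import looks right."""
    entry = parse_entries(listing).get(alias)
    if entry is None:
        return [f"alias '{alias}' not found in keystore"]
    if entry["type"] != "PrivateKeyEntry":
        return [f"'{alias}' is {entry['type']}: certificate is not tied to a private key"]
    if entry["chain_length"] < 2:
        return [f"'{alias}' has chain length {entry['chain_length']}: signer certificates missing"]
    return []

if __name__ == "__main__":
    for name in ("tomcat", "mykey"):
        print(name, check_alias(SAMPLE, name) or "OK")
```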

Tomcat keeps its configuration information in a server.xml file. Make sure Tomcat is reading the correct keystore file and keystore password and that port 8443 is enabled for secure connections.
a. Please open up the server.xml config file using a text editor (JAKARTA_HOME/conf/server.xml)
b. Please search for the secure element in your config file. By default it should look something like this:

c. Please make sure the 'keystoreFile' directive is referencing the correct keystore and the 'keystorePass' directive is referencing the correct keystore password.
d. Please save the changes and stop and start Tomcat.
Make sure you assign port 8443 and a unique IP address to the virtual host.
Note: If the server is behind a firewall please make sure port 8443 has been enabled on the firewall.
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.