Apache Tomcat Server SSL Certificate Installation
- Obtain private key and origin certificate pair
Create a certificate and key, and download them in PKCS#7 format (cert.p7b).
- Copy the key and cert pair to your origin server
Copy the key and certificate files to the directory on your server where you will keep them.
You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. "server") that you used to generate your CSR. If you try to install it to a different keystore, the install command in the next step will not work.
- Install the certificate
To install the SSL Certificate file to your keystore, type the following command:
Installation CLI command
keytool -import -trustcacerts -alias server -file cert.p7b -keystore your_site_name.jks
You should get a confirmation stating that the "Certificate reply was installed in keystore."
If asked if you want to trust the certificate, choose y or yes.
Your keystore file (your_site_name.jks) is now ready to be used on your Tomcat Server.
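To confirm that the certificate reply was attached to the private key under the alias used for the CSR, the listing from `keytool -list -v` can be checked as below. This is an added example, not part of the original instructions; the function name `check_alias_entry`, its exit codes and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `keytool -list -v` output
# on stdin and checks the alias named in $1. Exit codes:
#   0 = PrivateKeyEntry with a chain (certificate reply installed)
#   2 = alias missing, 3 = certificate present but no private key, 4 = chain of 1
check_alias_entry() {
    awk -v want="$1" '
        /^Alias name: /                     { alias = substr($0, 13); next }
        alias == want && /^Entry type: /    { type = substr($0, 13) }
        alias == want && /^Certificate chain length: / { chain = $4 + 0 }
        END {
            if (type == "") { print "alias not found: " want; exit 2 }
            if (type != "PrivateKeyEntry") {
                print want " is " type ": no private key under this alias"
                exit 3
            }
            if (chain < 2) { print want " chain length " chain ": reply not installed"; exit 4 }
            print "ok: " want " is PrivateKeyEntry, chain length " chain
        }'
}

# Constructed sample: listing of the CSR keystore after a successful import.
sample_good() {
cat <<'EOF'
Keystore type: JKS

Alias name: server
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed sample: the alias holds only a certificate, as in a keystore
# that is not the one the CSR was generated from.
sample_wrong_keystore() {
cat <<'EOF'
Keystore type: JKS

Alias name: server
Creation date: Jan 1, 2024
Entry type: trustedCertEntry
EOF
}

# Real use (assumes keytool is on PATH; prompts for the keystore password):
#   keytool -list -v -keystore your_site_name.jks | check_alias_entry server
```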
- Configure your SSL connector
Before Tomcat can accept secure connections, you need to configure an SSL Connector.
- In a text editor, open the Tomcat server.xml file. The server.xml file is usually located in the conf folder of your Tomcat's home directory.
- Locate the connector that you want to use the new keystore to secure. Usually, a connector with port 443 or 8443 is used, as shown in step 4.
- If necessary, uncomment the connector. To uncomment a connector, remove the comment tags (<!-- and -->).
- Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:
Sample connector block
<Connector port="443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true" acceptCount="100"
    scheme="https" secure="true" SSLEnabled="true"
    clientAuth="false" sslProtocol="TLS"
    keyAlias="server"
    keystoreFile="/home/user_name/your_site_name.jks"
    keystorePass="your_keystore_password" />
If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".
- Save your changes to the server.xml file.
- Restart Tomcat.