A Complete Guide to Installing an SSL Certificate on a Tomcat Server

Tomcat, also known as Apache Tomcat, is a well-known name in the network category. Its popularity comes from being an open source web server from the Apache Software Foundation. It is a pure Java HTTP web server that supports Java-based applications (JavaServer Pages (JSP) and Java servlets).

Install SSL certificate

You have to download or copy and paste the certificate that you received by e-mail. If the certificate was emailed as an attachment, download it and use it as it is. If it was sent as text, copy and paste it into a text file.

Please do not use Microsoft Word for this purpose, as it will insert extra characters. Also, make sure that there are no white spaces or extra lines in the file.

It will look something like this:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

The five dashes before and after “BEGIN CERTIFICATE” and “END CERTIFICATE” are compulsory. There should be no white spaces, extra line breaks, or additional certificates.

Type the command to import the SSL certificate as given below:

keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename

Note: The alias name must match the alias used when the private key and CSR were generated.

Verify the contents of the Certificate

To list the contents of the keystore please type the following command:

keytool -list -v -keystore your_keystore_filename > output_filename


The SSL certificate should be imported into the alias whose “Entry Type” is PrivateKeyEntry or KeyEntry. If it is not, please import it into the private key alias.
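The entry-type check described above can be run against the saved listing. The script below is an added example, not part of the original article; it assumes the "Alias name:" and "Entry type:" line labels printed by keytool -list -v, and the aliases "tomcat" and "server-cert" in the sample listing are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Reads a listing saved with
# `keytool -list -v -keystore ... > output_filename` and reports the entry
# type of one alias.

# Constructed sample listing: the certificate was imported under a new alias
# ("server-cert") instead of the private key alias ("tomcat").
write_sample_listing() {
    cat > "$1" <<'EOF'
Keystore type: JKS

Your keystore contains 2 entries

Alias name: tomcat
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: server-cert
Creation date: Jan 2, 2024
Entry type: trustedCertEntry
EOF
}

# entry_type LISTING ALIAS: print the "Entry type" recorded for ALIAS.
entry_type() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF listings
        /^Alias name: / { alias = substr($0, 13); next }
        /^Entry type: / && tolower(alias) == tolower(want) {
            print substr($0, 13); exit
        }
    ' "$1"
}

# check_alias LISTING ALIAS: succeed only if ALIAS holds the private key.
check_alias() {
    etype=$(entry_type "$1" "$2")
    case "$etype" in
        PrivateKeyEntry|KeyEntry|keyEntry) echo "OK: $2 is $etype"; return 0 ;;
        "") echo "FAIL: alias $2 not found"; return 1 ;;
        *)  echo "FAIL: $2 is $etype, not a private key entry"; return 1 ;;
    esac
}

listing=$(mktemp)
write_sample_listing "$listing"
check_alias "$listing" tomcat      || :
check_alias "$listing" server-cert || :
rm -f "$listing"
```

A trustedCertEntry result for the certificate means it was stored without the private key, which is the case the note about matching alias names is meant to prevent.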

Enable SSL in your server.xml file

  • Open the server.xml config file in the text editor.
  • Search for the secure element in your config file (try searching for SSL Connector). By default, it should look something like this:
    <!-- SSL Connector on Port 8443 -->

    <!--
    <Connector
    className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5"
    maxProcessors="75"
    enableLookups="false"
    acceptCount="10"
    connectionTimeout="60000" debug="0"
    scheme="https" secure="true">
    <Factory
    className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS"
    keystoreFile="insert path to the keystore here"
    keystorePass="insert keystore password here"/>
    </Connector>
    -->
    
  • Make sure the “keystoreFile” directive points to the correct keystore and the “keystorePass” directive contains the correct keystore password.
    NOTE: These directives are case-sensitive! Make sure the letters “F” and “P” in “keystoreFile” and “keystorePass” are in upper case.
  • If your keystore contains more than one private key alias, please add the “keyAlias” directive to reference the correct private key alias name.
    For example:
    keystoreFile="insert path to the keystore here"
    keystorePass="insert keystore password here"
    keyAlias="insert private key alias here"/>
  • Save the changes.
  • Stop and restart Tomcat.