A Complete Guide to Install SSL certificate in Tomcat Server.
Tomcat also knew as Apache tomcat is a well-renowned name in the network category. Its popularity lies in being an open source web server by Apache Software Foundation. It basically supports Java-based applications (Java server pages (JSP) and Java servlets) by being a pure Java HTTP web server.
You should follow instructions to installing SSL certificate in Tomcat.
Generating Certificate Signing Request (CSR):
Before obtaining a Certificate from SSL2BUY, you need to create a CSR. With the help of this CSR, the CA will issue the certificate identifying your website as secured. Below are the steps given to creating a CSR:
Local certificate creation:
keytool -genkey -alias tomcat -keyalg RSA -keystore <your_keystore_filename>
Note: In the few cases, you will have added the domain of your website (for e.g. www.yoursite.org) in the “first-and lastname” fields for creating a working certificate.
Now, for creating the CSR, type the following command:
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename>
Now you have a file named certreq.csr that you can present to the Certificate Authority.
CA certification installation using X.509 format
- Select proper primary and secondary intermediate certificate.
- Copy-paste the contents of primary and secondary intermediate certificate in two separate text files, of course. Make sure that there are no white spaces, line breaks and extra lines in the file.
- Name the primary intermediate certificate text file as primary-inter.cer
- To import the above certificate into the keystore uses the following command
keytool -import -trustcacerts -alias primaryIntermediate -keystore your_keystore_filename -file primary_inter.cer
- Name the secondary intermediate certificate text file as secondary_inter.cer.
- In order to import the certificate, use the following command into the keystore.
keytool -import -trustcacerts -alias secondaryIntermediate -keystore your_keystore_filename -file secondary_inter.cer
Install SSL certificate
You have to download or copy-paste the certificate which you have received through e-mail. For the certificate which is emailed as an attachment, download and use it as it is. For the certificate which is forwarded as in text format; copy and paste it into a text file.
Please do not use Microsoft Word for this purpose as it will enumerate extra characters. Also, make sure that there are no white spaces or extra lines in the file.
It will look something like this:
-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----
The five dashes after and before “Begin Certificate” & “End Certificate” are compulsory. There should be no white spaces, line breaks, and additional certificates.
Type the command to import the SSL certificate as given below:
Keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename
Note: The alias name should not be different from that mentioned during the generation of the private key and CSR.
Verify the contents of the Certificate
To list the contents of the keystore please type the following command:
keytool -list -v -keystore your_keystore_filename >output_filename
You will be able to view the content of the output in the following manner:
The SSL certificate should be imported under the alias “Entry Type” of PrivateKeyEntry or KeyEntry, if it is not so then please import it into the Private Key alias.
To enable SSL configuration your server.xml file
- Open the server.xml config file in the text editor.
- Search for the secure element in your config file (try searching for SSL Connector). By default, it should look something like this:
<-- SSL Connector on Port 8443 --> <!-- <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="10" connectionTimeout="60000" debug="0" scheme="https" secure="true"> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="insert path to the keystore here"> keystorePass="insert keystore password here"> </Connector> -->
- Make sure the “keystoreFile” directive is citing the correct keystore and the “keystorePass” directive is addressing the correct keystore password.
NOTE: These directives are case-sensitive! Make sure the letters “F” and “P” in “keystoreFile” and “keystorePass” are in upper case.
- If your keystore contains more than one private key alias, please add the “keyAlias” directive to reference the correct private key alias name.
keystoreFile=”insert path to the keystore here”
keystorePass=”insert keystore password here”
keyAlias=”insert private key alias here”/>
- Save the changes.
- Stop and Restart Tomcat
In order to verify the contents of the certificate, use the installation checker.
For further information, please refer to the Tomcat Web site.