Loading...Here are step-by-step instructions to Install SSL Certificate on Apache Tomcat server
Released 19 years ago, Apache Tomcat server is one of the most popular choices when it comes to open-source servers. Among all Java application servers, Tomcat occupies a staggering 63.9% of the market share. But we’re not here to sing the praises of Tomcat, are we? So, let’s get to the SSL certificate installation process in Tomcat without wasting much time.
Get SSL for your Apache Tomcat server and save up to 71%
Authenticate your Tomcat server using a reliable SSL certificate and set up a secure communication channel.
Before you begin…
You must make sure that the certificate files that you received from your certificate provider are stored in the same server directory as the keystore you created at the time of CSR generation.
If you’ve taken care of this requirement, you’re good to go.
Here’s how to install SSL in Tomcat
Step 1: Root Certificate Installation
First and foremost, you’ll need to install your root certificate file on your server. You’ll need to install the following command to do it:
keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key
Now, you’ll receive a message that says “Certificate already exists in system-wide CA keystore under alias <…> Do you still want to add it to your own keystore? [no]:”. Choose Yes. If the installation was successful, a “Certificate was added to keystore” message will be displayed on your screen.
Step 2: Intermediate Certificate Installation
Depending on your CA, you may or may not need to do this step. That’s because not every CA provides an intermediate certificate. You only need to install an intermediate certificate if you have received one. Run the following command to do so:
keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key
A “Certificate was added to keystore” message will be displayed if this went well.
Step 3: Primary Certificate Installation
Type in the following command to install the primary certificate:
keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key
Once done successfully, you should see a “Certificate reply was installed in keystore” message on your screen.
Step 4: SSL Connector Configuration
Once all these steps are done successfully, you’ll need to configure your SSL connector. Without this, an SSL/TLS connection cannot be established. So, keep a close eye on this part.
The things you’ll need to do are to change the file location and password.
- First, copy your keystore file to the home directory
Note: On Unix and Linux systems, the home directory would be /home/user_name/ while it would be Settings\user_name\ on Microsoft Windows systems.
- Open ${CATALINA_HOME}/conf/server.xml file in a text editor (e.g. Notepad)
- You’ll need to uncomment the SSL Connector Configuration
- Verify that the Connector Port is 443. If not, change it to 443.
- Finally, check whether the keystorePass matches with the keystore password. Also, confirm if the keystoreFile consists of the file and pathname of the keystore.
All done? The connector will look like:
<Connector className=”org.apache.catalina.connector.http.HttpConnector” port=”8443″ minProcessors=”5″ maxProcessors=”75″ enableLookups=”true” acceptCount=”10″ debug=”0″ scheme=”https” secure=”true”>
<Factory className=”org.apache.catalina.net.SSLServerSocketFactory” clientAuth=”false” protocol=”TLS” keystoreFile=”/working/mykeystore” keystorePass=”password”/>
- Save the changes to server.xml file
- Restart your Tomcat server
If everything went smoothly, your Tomcat server should now have an SSL/TLS certificate as your gatekeeper.
Cheers!