Article Purpose: This article provides step-by-step instructions for installing your certificate in Tomcat using a PKCS#7 file.
Installing Your SSL Certificate:
- Type the following command to install the certificate file to your keystore:
keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
You should get a confirmation stating that the "Certificate reply was installed in keystore".
If you are asked whether you want to trust the certificate, choose y or yes.
Your keystore file (your_site_name.jks) is now ready to use on your Tomcat Server and you will now need to configure your server to use it.
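Before configuring Tomcat, you can confirm that the import attached the CA reply to your private key by inspecting the `server` entry. The following is an added example, not part of the original article: `check_entry` is a hypothetical helper that reads `keytool -list -v` output (English locale assumed), and both listings are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article).
# check_entry: hypothetical helper. Reads `keytool -list -v` output for one
# alias on stdin (English locale assumed) and returns 0 only if the alias is
# a PrivateKeyEntry whose chain holds at least two certificates.
check_entry() {
    awk '
        /^Entry type:/               { etype = $3 }
        /^Certificate chain length:/ { chain = $4 + 0 }
        END {
            if (etype == "") { print "no entry found"; exit 2 }
            if (etype != "PrivateKeyEntry") {
                # Imported under a new alias: no private key is attached.
                print "not a key entry: " etype; exit 1
            }
            if (chain < 2) {
                # Still the self-signed placeholder, or intermediates missing.
                print "chain incomplete: " (chain + 0); exit 1
            }
            print "ok: PrivateKeyEntry, chain length " chain
        }'
}

# Constructed sample: what a successful PKCS#7 import looks like.
good_listing() { cat <<'EOF'
Alias name: server
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Example Intermediate CA
EOF
}

# Constructed sample: the reply landed as a trusted certificate instead.
bad_listing() { cat <<'EOF'
Alias name: server
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Owner: CN=www.example.com
Issuer: CN=Example Intermediate CA
EOF
}

good_listing | check_entry          # prints the ok line
bad_listing | check_entry || true   # prints the failure reason

# Against the real keystore (keytool prompts for the password):
# keytool -list -v -alias server -keystore your_site_name.jks | check_entry
```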
Tomcat will first need an SSL Connector configured before it can accept secure connections.
- Open the Tomcat server.xml file in a text editor (this is usually located in the conf folder of your Tomcat's home directory).
- Find the connector that will be secured with the new keystore and uncomment it if necessary (it is usually a connector with port 443 or 8443 like the example below).
- Specify the correct keystore filename and password in your connector configuration. When you are done your connector should look something like this:
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="server"
           keystoreFile="/home/user_name/your_site_name.jks"
           keystorePass="your_keystore_password" />
- Save your changes to the server.xml file.
- Restart Tomcat.
Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems.