Install SSL Certificate: Tomcat
Follow these instructions to install your SSL server certificate.
Overview. You will need to import two certificates into your keystore: first the root certificate,
and then the SSL server certificate. Both of these certificates are included in
the body of the fulfillment email from GeoCerts. Both certificates are also available from your
GeoCerts account.
Import and Install the GeoTrust Root CA Certificate
- First you will need to install the GeoTrust Root CA Certificate into your keystore. Copy-and-paste the root certificate from the body of the fulfillment email into a simple text editor such as Notepad.
- Save the file to your server as geotrustroot.pem in the same directory where your keystore was created.
- Using the Java keytool command line utility, import the root certificate geotrustroot.pem into your keystore using the following command:
keytool -import -alias geotrustca -keystore mykeystore -file geotrustroot.pem
The command should be typed on one line. This command imports the GeoTrust Root CA Certificate
into the keystore named mykeystore.
Import and Install the SSL Server Certificate
- Next install your SSL Server Certificate into your keystore. Copy-and-paste the server certificate from the body of the fulfillment email into a simple text editor such as Notepad.
- Save the file to your server as yourdomain.com.pem in the same directory where your keystore was created.
- Using the Java keytool command line utility, import the SSL server certificate yourdomain.com.pem into your keystore using the following command:
keytool -import -alias tomcat -keystore mykeystore -file yourdomain.com.pem
The command should be typed on one line. This command imports the SSL server certificate into the keystore
named mykeystore.
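A check worth running after both imports, as an added example that is not part of the original instructions: the script reads keytool -list output and confirms that the tomcat alias is still a private-key entry and that geotrustca is a trusted certificate. It assumes the key pair was generated under the alias tomcat when the CSR was created (the page does not show that step); the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `keytool -list` output on
# stdin and checks the two aliases used in the import commands above.

# Print "alias<TAB>entry type" per entry line; headers and fingerprints are skipped.
list_entries() {
    awk -F', *' '/(PrivateKeyEntry|keyEntry|trustedCertEntry),? *$/ {
        type = ($NF == "") ? $(NF-1) : $NF   # the line may end in a trailing comma
        print $1 "\t" type
    }'
}

# Usage: keytool -list -keystore mykeystore | check_keystore tomcat geotrustca
# Returns 0 only if the server alias holds a private key and the CA alias is a trusted cert.
check_keystore() {
    entries=$(list_entries)
    server_type=$(printf '%s\n' "$entries" | awk -F'\t' -v a="$1" '$1 == a { print $2 }')
    ca_type=$(printf '%s\n' "$entries" | awk -F'\t' -v a="$2" '$1 == a { print $2 }')
    status=0
    case $server_type in
        PrivateKeyEntry|keyEntry) echo "OK: '$1' is a key entry ($server_type)" ;;
        trustedCertEntry) echo "FAIL: '$1' is trustedCertEntry; the certificate was not attached to a private key"; status=1 ;;
        *) echo "FAIL: alias '$1' not found"; status=1 ;;
    esac
    if [ "$ca_type" = trustedCertEntry ]; then
        echo "OK: '$2' is a trusted certificate"
    else
        echo "FAIL: '$2' is '${ca_type:-missing}', expected trustedCertEntry"; status=1
    fi
    return $status
}

# Constructed sample listings (not real keytool captures; fingerprints are placeholders).
GOOD_LISTING='Keystore type: JKS
Your keystore contains 2 entries

geotrustca, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): PLACEHOLDER
tomcat, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): PLACEHOLDER'

# Failure case: the key pair sits under the keytool default alias "mykey", so
# importing with -alias tomcat created a separate trusted-certificate entry.
BAD_LISTING='Keystore type: JKS
Your keystore contains 3 entries

geotrustca, Jan 5, 2024, trustedCertEntry,
mykey, Jan 5, 2024, PrivateKeyEntry,
tomcat, Jan 5, 2024, trustedCertEntry,'

printf '%s\n' "$GOOD_LISTING" | check_keystore tomcat geotrustca
printf '%s\n' "$BAD_LISTING" | check_keystore tomcat geotrustca || true
```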
Update Your Tomcat server.xml Configuration File:
- Open $JAKARTA_HOME/conf/server.xml in a text editor.
- Find the following section:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="/working/mykeystore"
           keystorePass="password"/>
</Connector>
- If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
- Edit the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
- Start or restart Tomcat using the appropriate startup script (startup.sh for Unix/Linux or startup.bat for Windows).
Test Your SSL Certificate
Test your SSL certificate by using a browser to connect to your server.
Use the https protocol directive. For example, if your
SSL was issued to secure.mysite.com, enter https://secure.mysite.com into
your browser.
Your browser's padlock icon will be displayed in the locked position if your certificate
is installed correctly and the server is properly configured for SSL.
Additional Resources:
Apache Tomcat 6.0 SSL Configuration HOW-TO
CSR Legend
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
Common Name (CN)
The fully qualified domain name for your certificate. Examples include:
- www.domain.com
- owa.domain.net
- secure.domain.ca
- *.domain.com (for wildcard SSL)
Organization (O)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated. Example: Georgia
Country (C)
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two letters)
Email
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: user@example.com
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of at least 1024.