Login Signup Buy Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Install SSL Certificate Tomcat

Overview. You will need to import two certificates into your keystore. First the root certificate and then the SSL server certificate. Both of these certificates are included in the body of the fulfillment email from GeoCerts. Both certificates are also available from your GeoCerts SSL Manager account (recommended).

Step 1: Import and Install the GeoTrust Root CA Certificate

  1. First you will need to install the GeoTrust Root CA Certificate into your keystore. Copy-and-paste the root certificate from the body of the fulfillment email into a simple text editor such as Notepad.

    Copy Certificate to Notepad
  2. Save the file to your server as geotrustroot.pem in the same directory where your keystore was created.
  3. Using the java keytool command line utility, import the root certificate geotrustroot.pem into your keystore using the following command:
    keytool -import -alias geotrustca -keystore mykeystore -file geotrustroot.pem
    The command should be typed on one line. This command imports the GeoTrust Root CA Certificate into the keystore named mykeystore.

Step 2: Import and Install the SSL Server Certificate

  1. Next install your SSL Server Certificate (public key) into your keystore. Copy-and-paste the server certificate from the body of the fulfillment email into a simple text editor such as Notepad.
  2. Save the file to your server as public.pem in the same directory where your keystore was created.
  3. Using the java keytool command line utility, import the SSL server certificate public.pem into your keystore using the following command:
    keytool -import -alias tomcat -keystore mykeystore -file public.pem
    The command should be typed on one line. This command imports the SSL server certificate into the keystore named mykeystore.

Step 3: Update Your Tomcat server.xml Configuration File:

  1. Open $JAKARTA_HOME/conf/server.xml in a text editor.
  2. Find the following section:
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
    clientAuth="false" protocol="TLS"
    keystoreFile="path-to-tomcat-keystore-file"
    keystorePass="password"/>
    </Connector>
  3. Edit the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
  4. Start or restart Tomcat using the appropriate startup script (startup.sh for unix/linux or startup.bat for windows).

Troubleshooting/Testing

New To verify if your certificate is installed correctly, use the GeoTrust Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Apache Tomcat 6.0 SSL Configuration HOW-TO

Disclaimer: GeoCerts has made efforts to ensure the accuracy and completeness of the information in this document. However, GeoCerts makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. GeoCerts assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, GeoCerts assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. GeoCerts reserves the right to make changes to any information herein without further notice.

Our Customers

  (see more)
Our customers
Follow us on Twitter!

Copyright © 2002-2010 GeoCerts, Inc.

* Ten minutes applies to QuickSSL & QuickSSL Premium only. SSL orders flagged by GeoTrust for a manual security audit may take longer than ten minutes.