Login Signup Buy Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Install SSL Certificate Tomcat

Download and copy your certificate files to your server

Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Download the PKCS#7 formatted version of your certificate.

  1. Download the PKCS#7 version of your certificate to your server
  2. Use the following command to install the PKCS#7 certificate into your keystore. You MUST use the same keystore used for your private key and CSR.
    keytool -import -trustcacerts -alias tomcat -file your_site_name.p7b -keystore mykeystore.jks
     You MUST you the same alias used when the keystore was created, in this case the alias used was tomcat
  3. Enter your keystore password
  4. You should get the follow response:
    ... is not trusted. Install reply anyway? [no]:  yes
  5. Enter 'yes' and hit Enter.
  6. You should get the following response:
    Certificate reply was installed in keystore

Note: When executing the command to import the SSL certificate, you must specify the actual Alias used when you initially created the keystore. If you are unsure of this, run the following command to see the contents of your keystore: keytool -list -keystore mykeystore.jks -v

The SSL Certificate and intermeidate cert are now installed into your keystore.

Configure Tomcat

  1. Locate the tomcat config file (example Server.xml), the config filename can be different depending on your Tomcat version or flavour. The config file will need to be updated to reference your keystore file and password.
  2. Open the Server.xml file in a text editor (such as vi or notepad)
  3. Find the following section of code in the file (try searching for SSL Connector) and remove the comment tags around the connector entry. 
    <-- SSL Connector on Port 8443  -->
<!--
    <Connector
        className="org.apache.coyote.tomcat4.CoyoteConnector"
       port="8443"  minProcessors="5"
       maxProcessors="75"
        enableLookups="false"
       acceptCount="10"
        connectionTimeout="60000" debug="0"
        scheme="https"  secure="true">
     <Factory
        className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
              keystoreFile="insert  path to the keystore here">
               keystorePass="insert keystore password here">
      </Connector>
  -->
  4. Update the text in bold with the full path to each file (example "C:/tomcat/bin/certs/mykeystore.jks")
  5. Save the Server.xml file
  6. Restart Tomcat

Verify Installation

New To verify if your certificate is installed correctly, use our Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

More Info

Apache Tomcat 6.0 SSL Configuration HOW-TO

Disclaimer: GeoCerts has made efforts to ensure the accuracy and completeness of the information in this document. However, GeoCerts makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. GeoCerts assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, GeoCerts assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. GeoCerts reserves the right to make changes to any information herein without further notice.

Our Customers

  (see more)
Our customers
Symantec SSL Platinum Partner
Follow us on Twitter!

Copyright © 2002-2013 GeoCerts, Inc.

* Ten minutes applies to QuickSSL & QuickSSL Premium only. SSL orders flagged by GeoTrust for a manual security audit may take longer than ten minutes.