
Install SSL Certificate: Tomcat

Follow these instructions to install your SSL server certificate.

Overview: You will need to import two certificates into your keystore: first the root certificate, then the SSL server certificate. Both certificates are included in the body of the fulfillment email from GeoCerts and are also available from your GeoCerts account.

Import and Install the GeoTrust Root CA Certificate

  1. First you will need to install the GeoTrust Root CA Certificate into your keystore. Copy-and-paste the root certificate from the body of the fulfillment email into a simple text editor such as Notepad.

  2. Save the file to your server as geotrustroot.pem in the same directory where your keystore was created.
  3. Using the Java keytool command-line utility, import the root certificate geotrustroot.pem into your keystore using the following command:
    keytool -import -alias geotrustca -keystore mykeystore -file geotrustroot.pem
    The command should be typed on one line. This command imports the GeoTrust Root CA Certificate into the keystore named mykeystore.

Import and Install the SSL Server Certificate

  1. Next install your SSL Server Certificate into your keystore. Copy-and-paste the server certificate from the body of the fulfillment email into a simple text editor such as Notepad.
  2. Save the file to your server as yourdomain.com.pem in the same directory where your keystore was created.
  3. Using the Java keytool command-line utility, import the SSL server certificate yourdomain.com.pem into your keystore using the following command:
    keytool -import -alias tomcat -keystore mykeystore -file yourdomain.com.pem
    The command should be typed on one line. This command imports the SSL server certificate into the keystore named mykeystore.
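
A check worth running after both imports, as an added example (not GeoCerts code): it reads `keytool -list -v` output and confirms that the tomcat alias is a PrivateKeyEntry with a chain of at least two certificates. It assumes the private key for the CSR was generated under the alias tomcat in mykeystore; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not GeoCerts code). Real use, with the page's keystore name:
#   keytool -list -v -keystore mykeystore | check_alias tomcat

# check_alias ALIAS: reads `keytool -list -v` text on stdin. Returns 0 only
# when ALIAS is a PrivateKeyEntry whose chain holds >= 2 certificates
# (server certificate plus root); prints a one-line verdict either way.
check_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                      # tolerate CRLF output
        /^Alias name: /               { cur = substr($0, 13); next }
        cur != want                   { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") { print "MISSING: no alias " want; exit 2 }
            if (type != "PrivateKeyEntry") {
                print "FAIL: " want " is " type " (no private key)"; exit 1
            }
            if (len + 0 < 2) {
                print "FAIL: chain length " (len + 0) " (root not linked)"; exit 1
            }
            print "OK: " want " PrivateKeyEntry, chain length " len
        }'
}

# Constructed listings, trimmed to the lines the check reads.
sample_good() {
    cat <<'EOF'
Alias name: geotrustca
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
EOF
}

# Constructed failure: certificate imported into a keystore that does not
# hold the matching private key, so keytool stored it as a trusted cert.
sample_bad() {
    cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
EOF
}

sample_good | check_alias tomcat
sample_bad  | check_alias tomcat || true
```

A trustedCertEntry under the tomcat alias means the keystore has no private key for that certificate, so the connector cannot present it.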

Update Your Tomcat server.xml Configuration File:

  1. Open $JAKARTA_HOME/conf/server.xml in a text editor.
  2. Find the following section:
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
        port="8443" minProcessors="5" maxProcessors="75"
        enableLookups="true"
        acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
          clientAuth="false" protocol="TLS"
          keystoreFile="/working/mykeystore"
          keystorePass="password"/>
    </Connector>
  3. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
  4. Edit the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
  5. Start or restart Tomcat using the appropriate startup script (startup.sh for Unix/Linux or startup.bat for Windows).

Test Your SSL Certificate

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Additional Resources:

Apache Tomcat 6.0 SSL Configuration HOW-TO

CSR Legend

When generating your CSR you will be asked to input a few pieces of info. Below are some common fields with descriptions and examples.

Common Name (CN)

The fully qualified domain name for your certificate. Examples include:

  • www.domain.com
  • owa.domain.net
  • secure.domain.ca
  • *.domain.com (for wildcard SSL)

Organization (O)

The exact legal name of your organization. Do not abbreviate your organization's name. Example: Metro Realty LLC or Flowers by Jenny

Organizational Unit (OU)

The section or division of the organization. Example: Sales, Support, Customer Service

City or Locality (L)

The city where your organization is legally located. Cannot be abbreviated. Example: Atlanta

State (S) or Province

The state or province where your organization is legally located. Cannot be abbreviated. Example: Georgia

Country (C)

The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two letters)

Email

Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. Example: user@example.com

Key Bit Length

The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. GeoTrust recommends a key bit length of at least 1024.
