Download and copy your certificate files to your server
Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Download the PKCS#7 formatted version of your certificate.
- Download the PKCS#7 version of your certificate to your server
- Use the following command to install the PKCS#7 certificate into your keystore. You MUST use the same keystore used for your private key and CSR.
keytool -import -trustcacerts -alias tomcat -file your_site_name.p7b -keystore mykeystore.jks
You MUST you the same alias used when the keystore was created, in this case the alias used was tomcat
- Enter your keystore password
- You should get the follow response:
... is not trusted. Install reply anyway? [no]: yes
- Enter 'yes' and hit Enter.
- You should get the following response:
Certificate reply was installed in keystore
Note: When executing the command to import the SSL certificate, you must specify the actual Alias used when you initially created the keystore. If you are unsure of this, run the following command to see the contents of your keystore: keytool -list -keystore mykeystore.jks -v
The SSL Certificate and intermeidate cert are now installed into your keystore.
- Locate the tomcat config file (example server.xml), the config filename can be different depending on your Tomcat version or flavour. The config file will need to be updated to reference your keystore file and password.
- Open the server.xml file in a text editor (such as vi or notepad). The server.xml file is usually located in the conf folder of your Tomcat's home directory.
- Locate the connector that you want to use the new keystore to secure.
- Make sure you are using the correct port (usually 443 or 8443).
- If necessary, uncomment the connector. To uncomment a connector, remove the comment tags (<!-- and -->).
- Specify the correct keystore filename and password in your connector configuration. When you are done, your connector should look something like this:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server"
keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />
- Note: If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".
- Save the server.xml file
- Restart Tomcat
To verify if your certificate is installed correctly, use our Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter
https://secure.mysite.com into your browser.
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
Apache Tomcat 6.0 SSL Configuration HOW-TO
Disclaimer: GeoCerts has made efforts to ensure the accuracy and completeness of the information in this document. However, GeoCerts makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. GeoCerts assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, GeoCerts assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. GeoCerts reserves the right to make changes to any information herein without further notice.