How to Install SSL Certificate on Tomcat?

Steps to Begin Installation of SSL on Tomcat

Are you looking to secure your Tomcat server with SSL but don’t know where to start? Look no further! This comprehensive guide will take you through all the crucial steps of a proper SSL installation in Tomcat. So, let’s jump right into the installation process to safeguard your server security.

Let’s get started!

First Things First: Generate CSR

CSR (Certificate Signing Request) comprises domain ownership and company information. This is how you can generate it.

• Open our CSR Generator Tool
• Fill in the Required Information
• Choose a Key Size and Algorithm
• Generate the CSR

Here is a step-by-step process of installing an SSL certificate on Tomcat server.

Step-1: Downloading and Extracting the SSL certificate sent by the CA

When you purchase an SSL certificate, the certificate authority will email you a compressed file that contains root, intermediate, & primary certificate files for installation. Download & extract them onto the Tomcat web server directly. This is where the Keystore was added while the CSR was generated.

Always remember that the SSL certificate will only work with the Keystore created during the CSR generation process. In case you use a different key store, the certificate won’t function correctly. Moreover, please make sure that all the certificate files are installed in the correct order on the key store. Failing to do so, could result in issues with the SSL installation and potentially compromise your website’s security.

Step-2: Importing the Root Certificate

• Open the command prompt or the terminal window.
• Navigate to the Java installation directory by using the ‘cd’ command.

cd C:\Program Files\Java\jdk1.8.0_211\bin

• import the root certificate by running the following command:

keytool -import -trustcacerts -alias root -file [root certificate file path] -keystore [keystore file path]

• Make sure to replace the ‘[root certificate file path]’ and ‘[key store file path]’ with the suitable paths relevant to your system.
• Type ‘yes’ to accept the Certificate and hit Enter.
• When the process is completed, it will show a message which reads like this ‘Certificate was added to Keystore.‘

Step-3: Importing the Intermediate Certificate

• Import the intermediate certificate by running the following command

keytool -import -trustcacerts -alias intermediate -file [intermediate certificate file path] -keystore [keystore file path]

• Make sure to replace the “[intermediate certificate file path]” and “[keystore file path]” with the appropriate paths on your system.
• After completing this process, it will again show a message like this ‘Certificate was added to Keystore.‘

Step-4: Installing the Primary Certificate

• Install the primary certificate by running the following command

keytool -import -trustcacerts -alias tomcat -file [primary certificate file path] -keystore [keystore file path]

• Make sure to replace the “[primary certificate file path]” and “[keystore file path]” with the appropriate paths on your system.
• The successful installation message will pop again after running the command.
• After the successful installation of root, Intermediate, and primary certificate, the next step is to configure the server for using the Keystore file.

Step 5: Server Configuration

During the server configuration, Tomcat looks for the Keystore with the filename. Keystore and default password ‘change it’ in the home directory of the system.

For Linux and Unix OS, the directory can be found at /home/user-name/

For Windows users, you can find the directory at C:\Documents and Settings\user-name\

Note: The users can change the password and file location if they deem it is necessary.

• Copy your-domain-name.key Keystore file to the home directory.
• Open the server.xml file located in …~/conf/ using any text editor.
• You may have to uncomment the SSL connector.
• Find the SSL connector that will use the new Keystore. Ensure that the Connector Port is set to 443.
• While configuring the SSL connector, specify the exact location of the Keystore file and the correct KeystorePass.

Note: If you are a user of Tomcat 7.0.X or 8.0.X, replace KeystorePass with Keypass in the configuration.

• After completing the connector configuration process, it should appear like the following:

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true"> <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/working/mykeystore" keystorePass="password"/>

• After making changes to the server.xml file, save the modifications and proceed to restart the Tomcat Server.
• Once you have installed an SSL certificate in Tomcat, it’s important to regularly check for any unnoticed errors that could affect its performance. You can use SSL Checker Tool which provides instant scans and reports to do this.

Where to Find the SSL Certificate for Tomcat Web Server?

If you’re wondering where to buy the best SSL certificate for Tomcat, look no further than Certera. We are also partnered with the top Certificate Authorities in the industry and offer competitive prices for our range of SSL products. Our certificates are compatible with Tomcat servers and can secure various websites, from small blogs to giant enterprise websites.