Installing an SSL Certificate in Tomcat
After the certificate is issued, download it from the Certificate Manager and place it in the same folder as your keystore. Then, using keytool, enter the following commands to install the certificates.
The file names for your root and intermediate certificates depend on your signature algorithm.
- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
You should not use SSL certificates employing the SHA-1 algorithm.
You can also download certificates from the repository.
To Install Your SSL in Tomcat
- Install the root certificate by running the following command:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file <name of the root certificate>
- Install the intermediate certificate by running the following command:
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file <name of the intermediate certificate>
- Install the issued certificate into the keystore by running the following command:
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of the certificate>
- Update the server.xml file with the correct keystore location in the Tomcat directory.
  NOTE: The HTTPS connector is commented out by default. Remove the comment tags to enable HTTPS.
  - Tomcat 4.x — Update the following elements in server.xml for Tomcat 4.x:
    clientAuth="false"
    protocol="TLS" keystoreFile="/etc/tomcat5/tomcat.keystore"
    keystorePass="changeit" />
  - Tomcat 5.x, 6.x and 7.x — Update the following elements in server.xml for Tomcat 5.x, 6.x and 7.x:
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="path to your keystore file" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
- Save your changes to server.xml, and then restart Tomcat to begin using your SSL.
Your SSL certificate is installed. If you have problems, please see "Where can I get information about my SSL's configuration?" to help diagnose issues.
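A check to run after the three imports, as an added example that is not part of the original page: it reads keytool -list -v output for the tomcat alias and confirms that the issued certificate attached to the private key (entry type PrivateKeyEntry) with a full chain. The function name, the minimum chain length of 3 and the sample output are constructed for illustration, and the key pair is assumed to have been generated under the alias tomcat.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_tomcat_entry [MIN_CHAIN]
#   Reads `keytool -list -v` output for one alias on stdin. Succeeds only if
#   the alias is a PrivateKeyEntry whose chain holds at least MIN_CHAIN
#   certificates (assumed default 3: issued + intermediate + root).
check_tomcat_entry() {
    awk -v min="${1:-3}" '
        BEGIN                        { len = 0 }
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { len = $4 + 0 }
        END {
            if (type != "PrivateKeyEntry") {
                # trustedCertEntry means the reply was stored without a key,
                # e.g. imported under a different alias than the key pair.
                print "FAIL: entry type is " (type == "" ? "missing" : type)
                exit 1
            }
            if (len < min) {
                print "FAIL: chain length " len ", expected at least " min
                exit 2
            }
            print "OK: PrivateKeyEntry, chain length " len
        }'
}

# Constructed, abridged keytool output for a correct install.
SAMPLE_GOOD='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3'

# Constructed output for a certificate stored without its private key.
SAMPLE_BAD='Alias name: tomcat
Entry type: trustedCertEntry'

printf '%s\n' "$SAMPLE_GOOD" | check_tomcat_entry
printf '%s\n' "$SAMPLE_BAD"  | check_tomcat_entry || echo "(exit status $?)"

# Against a real keystore (keytool prompts for the keystore password):
#   keytool -list -v -keystore tomcat.keystore -alias tomcat | check_tomcat_entry
```

A trustedCertEntry result means Tomcat has no private key paired with the certificate, so the HTTPS connector cannot present it.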