How to Install SSL Certificate on Tomcat Web Server

Steps to install SSL certificate on Tomcat web server

Initial Checklist

Apache Tomcat ServerFollowing process must be completed before you start SSL certificate installation process on your Tomcat server.

  • Buy/renew SSL Certificate
  • Generate CSR with SHA-2 algorithm
  • Save the CSR & Private key file on your server
  • Apply for SSL Certificate Issuance
  • Submit SSL Certificate issuance documents as per CA’s requirement (Only for Extended & Organization Validation)

Step 1: Download SSL Certificate Files

After verification of your submitted documents, your certificate authority will provide you SSL certificate file via email, download all certificate files and store it on your server directory. Or else you can download form the website where you’ve purchase SSL certificate.

Step 2: Install SSL certificate on Keystore

Note: You must install the SSL certificate file within the same Keystore and alias name which you’ve used during CSR generation process, installation in wrong Keystore may not let you to run the install command.

  • Now, to install SSL certificate into the Keystore use the following command
keytool -import -trustcacerts -alias server -file website-name.p7b -keystore website-name.jks
  • One the command execute successfully a confirmation message will be displayed as “Certificate reply was installed in Keystore“.
  • It may ask you to trust the certificate, then you have to select Y or Yes.
  • Finally your Keystore file (website-name.jks) is ready to use in Tomcat web server.

Step 3: Configuration of SSL Connector

To configure SSL connector, you need to edit the Tomcat server.xml file.

  • Open the Tomcat server.xml file using a text editor located on tomcat home directory.
  • Here, navigate to Connector thread for which you wish to use the new Keystore file.
  • Generally the connector with 443 or 883 port number is used.
  • If the connector is commented (<!—Comment Tag –>), then you need remove the comment tag.
  • Now in the connector field, mention the Keystore and password correctly.
  • After entering Keystore & password, the connector will look like this
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/website-name.jks" keystorePass="keystore-password" />
  • Save the Tomcat Server.xml file and Restart the server.

Installing SSL Certificate on Tomcat Web Server is now completed.

Resources and Other Installation Guides