How to Install SSL Certificate on Tomcat Web Server
Steps to install SSL in Tomcat webserver
The following steps must be completed before you start installing the SSL certificate on your Tomcat server.
- Buy/renew SSL Certificate
- Generate CSR with SHA-2 algorithm
- Save the CSR & Private key file on your server
- Apply for SSL Certificate Issuance
- Submit SSL Certificate issuance documents as per CA’s requirement (Only for Extended & Organization Validation)
Step 1: Download SSL Certificate Files
After your submitted documents are verified, your certificate authority will send you the SSL certificate files via email. Download all certificate files and store them in a directory on your server. Or else you can download from the website where you’ve
Step 2: Install SSL certificate on Keystore
- Now, to install the SSL certificate into the Keystore, use the following command:
keytool -import -trustcacerts -alias server -file website-name.p7b -keystore website-name.jks
- Once the command has executed successfully, a confirmation message will be displayed: “Certificate reply was installed in Keystore”.
- It may ask you to trust the certificate; if so, select Y or Yes.
Finally, your Keystore file (website-name.jks) is ready to use in the Tomcat web server.
Step 3: Configuration of SSL Connector
To configure the SSL connector, you need to edit the Tomcat server.xml file.
- Open the Tomcat server.xml file, located in the Tomcat home directory, using a text editor.
- Navigate to the Connector element for which you wish to use the new Keystore file.
- Generally, the connector with port number 443 or 883 is used.
- If the connector is commented out (<!-- Comment Tag -->), then you need to remove the comment tags.
- Now, in the connector, specify the Keystore file and password correctly.
- After entering the Keystore & password, the connector will look like this:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/website-name.jks" keystorePass="keystore-password" />
- Save the Tomcat server.xml file and restart the server.
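One way to check the edited file before restarting, as an added example that is not part of the original tutorial: it parses server.xml text and reports, per active SSL connector, which attributes differ from the Step 3 layout. The sample XML, the 8443 connector and the function name audit_server_xml are constructed for illustration; the default alias is the one used in Step 2.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a plain HTTP connector, an HTTPS connector that is
# still commented out, and the active HTTPS connector from Step 3.
SAMPLE = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!--
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/home/user_name/other.jks" keystorePass="x" />
    -->
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keyAlias="server"
               keystoreFile="/home/user_name/website-name.jks"
               keystorePass="keystore-password" />
  </Service>
</Server>"""

EXPECTED = {"scheme": "https", "secure": "true"}   # values shown in Step 3
MUST_BE_SET = ("keystoreFile", "keystorePass")     # filled in during Step 3


def audit_server_xml(xml_text, expected_alias="server"):
    """Return {port: [problems]} for every active SSLEnabled connector.

    The XML parser drops comments, so a connector that is still commented
    out never appears in the result; an empty dict means no HTTPS
    connector is active.
    """
    root = ET.fromstring(xml_text)
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector
        problems = []
        for attr, want in EXPECTED.items():
            if conn.get(attr) != want:
                problems.append(f'{attr} should be "{want}"')
        for attr in MUST_BE_SET:
            if not conn.get(attr):
                problems.append(f"{attr} is not set")
        if conn.get("keyAlias") != expected_alias:
            problems.append(f'keyAlias does not match "{expected_alias}"')
        report[conn.get("port")] = problems
    return report


if __name__ == "__main__":
    for port, problems in audit_server_xml(SAMPLE).items():
        print(port, "OK" if not problems else problems)
```

Because keystorePass sits in server.xml in plain text, the file should be readable only by the account that runs Tomcat.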