Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

How to Install SSL Certificate on Tomcat Web Server

Steps to install SSL in Tomcat webserver

Initial Checklist

Apache Tomcat ServerFollowing process must be completed before you start SSL certificate installation process on your Tomcat server.

  • Buy/renew SSL Certificate
  • Generate CSR with SHA-2 algorithm
  • Save the CSR & Private key file on your server
  • Apply for SSL Certificate Issuance
  • Submit SSL Certificate issuance documents as per CA’s requirement (Only for Extended & Organization Validation)

Step 1: Download SSL Certificate Files

After verification of your submitted documents, your certificate authority will provide you SSL certificate file via email, download all certificate files and store it on your server directory. Or else you can download from the website where you’ve purchase SSL certificate.

Step 2: Install SSL certificate on Keystore

Note: You must install the SSL certificate file within the same Keystore and alias name which you’ve used during the CSR generation process. Installation in the wrong Keystore may not let you run the install command.

  • Now, to install SSL certificate into the Keystore use the following command
keytool -import -trustcacerts -alias server -file website-name.p7b -keystore website-name.jks
  • Once the command executed successfully a confirmation message will be displayed as “Certificate reply was installed in Keystore“.
  • It may ask you to trust the certificate, then you have to select Y or Yes.
  • Finally your Keystore file (website-name.jks) is ready to use in Tomcat web server.

Step 3: Configuration of SSL Connector

To configure SSL connector, you need to edit the Tomcat server.xml file.

  •  Open the Tomcat server.xml file using a text editor located on tomcat home directory.
  • Here, navigate to Connector thread for which you wish to use the new Keystore file.
  • Generally the connector with 443 or 883 port number is used.
  • If the connector is commented (<!—Comment Tag –>), then you need remove the comment tag.
  • Now in the connector field, mention the Keystore and password correctly.
  • After entering Keystore & password, the connector will look like this
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" 
SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" 
keystoreFile="/home/user_name/website-name.jks" keystorePass="keystore-password" />
  • Save the Tomcat Server.xml file and Restart the server.
Installing SSL Certificate on Tomcat Web Server is now completed.

Resources and Other Installation Guides



Comodo Positive SSL


Vendor Price: $41.73

Coupon Code: ASCSCPSSL4

Get It Now



RapidSSL Certificate


Vendor Price: $69

Coupon Code: ASRSRSSL2

Get It Now



Comodo PositiveSSL Multi-Domain

$17.54 – 2 SAN Included

Vendor Price: $41.73

Coupon Code: ASCSCPMD4

Get It Now

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More