Help & Support
SHOULD YOU NEED ANY ASSISTANCE?
Kindly contact us
Install SSL in Apache Tomcat
Download and copy your certificate files to your server
Note: When executing the command to import the SSL certificate, you must specify the actual Alias used when you initially created the keystore. If you are unsure of this, run the following command to see the contents of your keystore:
keytool -list -keystore mykeystore.jks -v
Configure the keystore
- Import a root or intermediate CA certificate to an existing Java keystore. You MUST use the same alias used when the keystore was created, in this case the alias used was mydomain
keytool -import -trustcacerts -alias root -file L1root.crt -keystore mykeystore.jks
keytool -import -trustcacerts -alias root -file L1Chain.crt -keystore mykeystore.jks
- Enter your keystore password. You should get the follow response:
- Enter 'yes' and hit Enter.
- You should get the following response:
- Import a signed primary certificate to an existing Java keystore
... is not trusted. Install reply anyway? [no]: yes
Certificate reply was installed in keystore
keytool -import -trustcacerts -alias mydomain -file entrustcert.crt -keystore mykeystore.jks
Configure the server
- Locate the tomcat config file (default is
server.xml
), the config filename can be different depending on your Tomcat version or flavour. The config file will need to be updated to reference your keystore file and password. - Open the
server.xml
file in a text editor (such as vi or notepad) - Find the following section of code in the file (try searching for SSL Connector) and remove the comment tags around the connector entry.
- Save the
server.xml
file - Restart Tomcat
< Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="false" acceptCount="10" connectionTimeout="60000" debug="0" scheme="https" secure="true"> < Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="path/to/your/keystore/file" keystorePass="keystore password here"> < /Connector>
More info: Apache Tomcat SSL Configuration HOW-TO