How to Install an SSL Certificate on Apache Tomcat Server

Here are step-by-step instructions for installing an SSL certificate on an Apache Tomcat server.

Apache Tomcat server was released 19 years ago and is one of the most common options when it comes to open source servers. Tomcat holds a whopping 63.9 per cent of market share among all Java application servers. But we’re not here to chant Tomcat’s praises, are we? So, let’s get to the process of installing SSL certificates on Tomcat without wasting much time.

Before you kick off …

You must ensure that the certificate files you obtained from your certificate provider are stored in the same server directory as the keystore you created at the time of CSR generation.

If you have met this condition, you’re good to go.

How to use SSL on Tomcat

Step 1: Root Certificate Installation

First of all, you will have to install your root certificate file on your server. To do so, run the following command:

keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key

You will now receive a message saying “Certificate already exists in system-wide CA keystore under alias < … > Do you still want to add it to your own keystore? [No]:”. Select Yes. If the installation is successful, the message “Certificate was added to keystore” will be displayed.

Step 2: Intermediate Certificate Installation

You may or may not need to do this step, depending on your CA, because not every CA provides an intermediate certificate. You only need to install an intermediate certificate if you have received one. To do this, execute the following command:

keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key

If this went well, the message “Certificate was added to keystore” will appear.

Step 3: Primary Certificate Installation

To install the primary certificate, run the following command:

keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key

When done successfully, you should see the message “Certificate reply was installed in keystore.”
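
Added example, not part of the original article: a shell check over `keytool -list -v` output that confirms Step 3 attached the certificate reply to the private key created at CSR time, instead of leaving a self-signed entry or a separate trusted certificate. The function names and the sample listing are constructed for illustration, and English-language keytool output is assumed.

```shell
# Added example: audit `keytool -list -v` output after Steps 1-3.
# Function names and sample data are constructed; English keytool output assumed.

# Print "<entry type> <chain length>" for alias $1, reading the listing on stdin.
entry_summary() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                                   # tolerate CRLF output
        /^Alias name: / { cur = substr($0, 13) }
        cur == want && /^Entry type: / { kind = substr($0, 13) }
        cur == want && /^Certificate chain length: / { len = $NF }
        END { if (kind == "") print "missing 0"; else print kind, len + 0 }'
}

# Succeed only if alias $1 holds the CSR private key plus its issuer chain.
check_tomcat_entry() {
    summary=$(entry_summary "$1")
    kind=${summary% *}; len=${summary##* }
    case "$kind:$len" in
        PrivateKeyEntry:[01]) echo "FAIL: $1 still has only the self-signed certificate from key generation"; return 1 ;;
        PrivateKeyEntry:*)    echo "OK: $1 has a private key and a chain of $len certificates"; return 0 ;;
        trustedCertEntry:*)   echo "FAIL: $1 is a trusted certificate with no private key"; return 1 ;;
        *)                    echo "FAIL: alias $1 not found"; return 1 ;;
    esac
}

# Constructed listing, trimmed to the fields the check reads.
sample_listing() {
    cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Alias name: selfsigned
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

# Real use: keytool -list -v -keystore keystore.key | check_tomcat_entry tomcat
sample_listing | check_tomcat_entry tomcat
```

A FAIL result for the tomcat alias means the connector in Step 4 would have no CA-issued certificate to present, so it is worth resolving before editing server.xml.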

Step 4: Configuring an SSL Connector

Once you have successfully completed all these steps, you will need to configure your SSL connector. You cannot create an SSL/TLS connection without it, so keep a close eye on this section.

What you need to change is the location of the keystore file and its password.

  • Copy the keystore file into your home directory

Note: The home directory on Unix and Linux systems would be /home/user_name/ whereas on Microsoft Windows systems it would be Settings\user_name\.

  • In a text editor (e.g. Notepad), open the ${CATALINA_HOME}/conf/server.xml file
  • Uncomment the SSL Connector configuration
  • Verify that the Connector port is 443. If not, reset it to 443.
  • Lastly, check that keystorePass matches the keystore password. Also confirm that keystoreFile contains the path and file name of the keystore.

All done? The connector will look like:

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/working/mykeystore" keystorePass="password"/>
</Connector>

  • Save changes to server.xml file
  • Start your Tomcat server again

If all went smoothly, your Tomcat server should now have as its gatekeeper an SSL/TLS certificate.