Use the DigiCert Certificate Utility to create a CSR and prepare your certificate for installation on your Tomcat server

We recommend using the DigiCert Certificate Utility to produce your Certificate Signing Request (CSR), as well as install and manage your SSL/TLS certificates. See DigiCert® Certificate Utility for Windows for additional information on our utility.

Create your certificate signing request (CSR) and then install your SSL Certificate using the instructions on this page.

Restart Note: You must restart the Tomcat service after installing your SSL/TLS certificate and configuring the server to utilize it.

I. Tomcat Server: Create Your CSR with the DigiCert Utility

The DigiCert® Certificate Utility for Windows makes creating CSRs a breeze. With our tool, you may produce the CSR in a matter of seconds.

Download and save the DigiCert Certificate Utility for Windows zip file to a Windows computer (DigiCertUtil.zip).

Run the DigiCert Certificate Utility for Windows after extracting the DigiCertUtil.exe file from the zip file (double-click DigiCertUtil.exe).

Click SSL (gold lock) and then Create CSR in the DigiCert Certificate Utility for Windows.

II. Tomcat Server: Install Your SSL/TLS Certificate

You can use the DigiCert® Certificate Utility for Windows to prepare the certificate file for installation on your Tomcat server when DigiCert validates your order and issues your SSL/TLS certificate.

Note: If you haven’t yet acquired your SSL/TLS certificate using the DigiCert Certificate Utility, see Tomcat Server: Create Your CSR using the DigiCert Utility.

Follow the instructions below to install an SSL/TLS certificate on your Tomcat server.

Import your SSL/TLS certificate to your Windows machine using the DigiCert Certificate Utility.

Step 1: Import Your SSL/TLS Certificate

1.Use the DigiCert Certificate Utility to import your SSL/TLS certificate after DigiCert has issued it.

2.Run the DigiCert Certificate Utility for Windows on the Windows machine where you created the CSR (double-click DigiCertUtil.exe).

3.Click SSL (gold lock) in DigiCert Certificate Utility for Windows, then Import.

Setup a Certificate

4.Under File Name, in the Certificate Import box, select Browse and navigate to the.p7b certificate file (e.g., your domain com.p7b) that DigiCert supplied you, then click Open and Next.

Certificate of Import

5.Type a friendly name for the certificate in the Enter a new friendly name or accept the default box.

6.The friendly name is used to identify the certificate and is not part of the certificate.

7.add DigiCert and the expiration date to the end of your friendly name, for example, your site-DigiCert-expiration date (expiration date). This information aids in determining the certificate’s issuer and expiration date. It also aids in the differentiation of certificates with the same domain name.

Friendly names

8.Click Finish to add the SSL/TLS certificate to your server.

9.The certificate should be successfully imported, according to the notification.

10.Your SSL/TLS certificate should now be visible in the DigiCert Certificate Utility for Windows.

Your SSL/TLS certificate can now be exported as a.pfx file.

Step 2: Export Your SSL/TLS Certificate in a.PFX Format

Use the DigiCert Certificate Utility to export your SSL/TLS certificate as a.pfx file after importing it to your Windows machine.

1.Use the DigiCert Certificate Utility for Windows to create a digital certificate (double-click DigiCertUtil.exe).

2.Click SSL (gold lock) in the DigiCert Certificate Utility for Windows, then pick the SSL/TLS certificate you wish to export as a.pfx file and click Export Certificate.

Certificate of Export

3.Select Yes, export the private key, select pfx file, check to Include all certificates in the certification path if possible, and then click Next in the Certificate Export wizard.

Exporting PFX Files

4.Create and confirm a password in the Password and Confirm Password boxes, then click Next.

Password

5.After that, click…, browse for and select a location to save the. pfx file, and then click Save.

Where is the file located?

Click Finish to export the SSL/TLS certificate with the private key.

Click OK when you see the message “Your certificate and key have been successfully exported.”

A.pfx file has been created from your SSL/TLS certificate.

Step 3: Configure an SSL/TLS Connector in Tomcat

After you’ve downloaded the. pfx file, you’ll need to install it on your Tomcat server and configure it to use it.

1.The.pfx file should be copied to your Tomcat server.

2.Locate server.xml in your Tomcat installation directory.

3.Locate (or create) the 443 connectors and modify them to utilize your new Keystore.

4.The complete path to your pfx file is the Keystore file.

5.The password you created when exporting the pfx is keystorePass.

“PKCS12” must be selected as the Keystore type.

6.Make your modifications to server.xml and save them.

7.Tomcat should be restarted.

Congratulations! Your SSL/TLS certificate has been successfully installed.

Test Your SSL/TLS Certificate Installation

Is your website open to the public? Then, to test your SSL/TLS certificate installation, use our DigiCert® SSL Installation Diagnostic Tool; it detects frequent installation issues.

Troubleshooting

If you run across certificate trust issues, try utilizing DigiCert® Certificate Utility for Windows to rectify them. If the errors persist, contact customer service.