TLS certificate installation on an Apache Tomcat server

Apache Tomcat is an open source web server from the creators of the Apache server. Tomcat is based on Java. This article describes how to install a TLS certificate on this server.

Installing a TLS certificate on the server

The issued SSL certificate is delivered by email. The certificate arrives in text form, encoded in Base64 format. Create a certificate.crt file containing this text and copy it to your server.

Follow the same procedure to create the intermediate certificate file intermediate.cer. Finally, join the two certificate files into one p7b file using OpenSSL:

openssl crl2pkcs7 -nocrl -certfile certificate.crt -certfile intermediate.cer -out certificates.p7b

Import the new p7b file into the server's Java keystore with the command:
keytool -import -alias [tomcat] -trustcacerts -file certificates.p7b -keystore [keystorename]
If you see the error "keytool error: java.lang.Exception: Input not an X.509 certificate", use the following procedure instead.

Prepare a file with the certificate and both Intermediate certificates. Import the Primary Intermediate:
keytool -import -alias primary -trustcacerts -file primary_intermediate_file_name -keystore [keystorename]
Then import the Secondary Intermediate:
keytool -import -alias secondary -trustcacerts -file secondary_intermediate_file_name -keystore [keystorename]
Finally import the leaf (domain) TLS certificate:
keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name -keystore [keystorename]

Now you need to configure the SSL Connector. Open the server.xml file located at /conf/server.xml. In the configuration, find the connector that should use the new keystore and uncomment it if necessary. Specify the correct keystore file location and password in the connector configuration. The correct configuration looks similar to this:
<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks"
           keystorePass="your_keystore_password" />

Save the changes to the XML file and restart the server.

Note: Tomcat uses port 8443 for TLS by default.
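
A check you can run on server.xml before restarting, added here as an example and not part of the original article or of Tomcat itself: it reports a TLS connector that is still commented out, keystore attributes that are missing, and attribute names written with the wrong letter case. The function name check_tls_connectors and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute values the TLS connector on this page relies on.
EXPECTED_VALUES = {"scheme": "https", "secure": "true", "SSLEnabled": "true"}
# Attributes that must be present so Tomcat opens the keystore you imported into.
REQUIRED = ("keystoreFile", "keystorePass", "keyAlias")


def check_tls_connectors(server_xml):
    """Return a list of findings for the TLS connectors in a server.xml string."""
    findings = []
    root = ET.fromstring(server_xml)  # XML comments are skipped by the parser
    tls = [c for c in root.iter("Connector")
           if any(k.lower() == "sslenabled" for k in c.attrib)
           or c.get("scheme") == "https"]
    if not tls:
        return ["no TLS connector found (is it still commented out?)"]
    for conn in tls:
        port = conn.get("port", "?")
        lowered = {k.lower(): k for k in conn.attrib}
        for name in (*EXPECTED_VALUES, *REQUIRED):
            actual = lowered.get(name.lower())
            if actual is None:
                findings.append(f"port {port}: missing {name}")
            elif actual != name:
                # XML attribute names are case-sensitive.
                findings.append(f"port {port}: {actual} should be spelled {name}")
        for name, want in EXPECTED_VALUES.items():
            if name in conn.attrib and conn.get(name) != want:
                findings.append(f"port {port}: {name} is {conn.get(name)!r}, expected {want!r}")
    return findings


# Constructed sample inputs (not taken from a real server).
COMMENTED_OUT = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <!-- <Connector port="8443" scheme="https" secure="true" SSLEnabled="true" /> -->
</Service></Server>"""

MISTYPED = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="false" sslenabled="true"
             keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" />
</Service></Server>"""

if __name__ == "__main__":
    for label, doc in (("commented out", COMMENTED_OUT), ("mistyped", MISTYPED)):
        print(label, "->", check_tls_connectors(doc))
```

An empty list means the connector carries every attribute the configuration above depends on; it does not verify that the keystore file exists or that the password opens it.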

Is everything alright? Check the certificate installation in our simple tool. For more information read the article Check installation of TLS certificate.
