Redirecting you to
Tech Document Sep 26, 2018

How to Install Certificates on Tomcat KeyStore

This article provides detailed instructions on installing certificates for Tomcat KeyStore.

  1. To install the SSL Certificate file to your keystore, type the following command:

    keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

  2. You should get a confirmation stating that the "Certificate reply was installed in keystore."
  3. If asked if you want to trust the certificate, choose y or yes.
  4. Your keystore file (your_site_name.jks) is now ready to be used on your Tomcat Server. Now, you need to configure your server to use it.

You must install the SSL Certificate file to the same keystore and under the same alias name (i.e. "server") that you used to generate your CSR. If you try to install it to a different keystore, the install command in the next step will not work.

Configuring your SSL Connector

Before Tomcat can accept secure connections, you need to configure an SSL Connector.

  1. In a text editor, open the Tomcat server.xml file.

    The server.xml file is usually located in the conf folder of your Tomcat's home directory.

  2. Locate the connector that you want to use the new keystore to secure.

    Usually, a connector with port 443 or 8443 is used, as shown in step 4.

  3. If necessary, uncomment the connector.

    To uncomment a connector, remove the comment tags (<!-- and -->).

  4. Specify the correct keystore filename and password in your connector configuration.

    When you are done, your connector should look something like this:

    <Connector <strong>port="443"</strong> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" <strong>SSLEnabled="true"</strong> clientAuth="false" sslProtocol="TLS"<strong>keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password"</strong> />

    Note: If you are using a version of Tomcat prior to Tomcat 7, you need to change "keystorePass" to "keypass".

  5. Save your changes to the server.xml file.
  6. Restart Tomcat.