How to Install an SSL Certificate in Tomcat?
Apache Tomcat is among the most commonly used servlet containers and web servers for hosting Java-based applications. Installing an SSL certificate allows users to access the web application over an encrypted connection (HTTPS), keeping sensitive data safe and providing a means of creating user trust.
This guide explains how to set up an SSL certificate on Tomcat by using different certificate file formats, including PKCS#7 (.p7b), PEM (.crt), and PKCS#12 (.pfx/.p12).
How to Generate a CSR on Tomcat?
Step 1: Create the Keystore and Private Key
Run this in a terminal (replace hostnames/paths as needed):
keytool -genkeypair \
-alias tomcat \
-keyalg RSA -keysize 2048 \
-keystore yourdomain.p12 -storetype PKCS12
You’ll be prompted to create a keystore password and a key password (can be the same).
Step 2: Enter your Organization Details (DN)
Keytool will prompt for the Distinguished Name (DN) details to generate the CSR:
- C (Country): two-letter code (e.g., US)
- ST (State/Province): e.g., California
- L (Locality/City): e.g., San Jose
- O (Organization): e.g., Your Company LLC
- OU (Organization Unit): skip
- CN (Common Name): exact Fully Qualified Domain Name (FQDN) that will be secured with the certificate or a wildcard e.g., *.yourdomain.com
Note: keytool asks for the CN with the prompt “What is the First Name & Last Name of the certificate requestor.” Enter the FQDN here, not a person's name.
Step 3: Create the CSR code
Modern clients validate SAN (Subject Alternative Name), not CN alone. Request SANs directly in the CSR:
keytool -certreq \
-alias tomcat \
-keystore yourdomain.p12 \
-file yourdomain.csr \
-ext SAN=DNS:yourdomain.com,DNS:www.yourdomain.com
Step 4: Submit the CSR
The CSR code is generated and stored in the file named yourdomain.csr. You can open the file using any text editor you prefer and copy/paste the contents into your certificate order. To ensure you don’t miss any lines, use Ctrl+A to highlight everything in the file.
Steps for SSL Installation in Tomcat Server
Step 1: Prepare your SSL certificate files
Your SSL Certificate files may be stored in PKCS#7 (p7b or cer extensions) or PEM (crt extension). It is important to know whether you have PKCS#7 or PEM-formatted files so that you can use the correct method described below:
PKCS#7 Format
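PKCS#7 files already contain the necessary Root and Intermediate Certificates, so a single command imports everything. Import into the keystore that holds your private key, using the alias of the key entry created for the CSR (tomcat in the commands above); otherwise keytool does not install the file as the reply to your CSR:
keytool -import -trustcacerts -alias tomcat -file your_file_name.p7b -keystore your_domain_name.jks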
Note: Replace “your_domain_name” with the primary domain you will be securing and “your_file_name” with the PKCS#7 file name that you recently converted & saved.
If you see the message “Certificate reply was installed in keystore”, you’ve successfully imported the certificate. You can use the following command to check the details of your certificate:
keytool -list -keystore example.jks -v
PEM Format
You have to import all the necessary certificate files separately in the correct order. Run the commands below for each certificate type:
Root Certificate:
keytool -import -alias root -keystore example.jks -trustcacerts -file root.crt
Intermediate Certificate
keytool -import -alias intermediate -keystore example.jks -trustcacerts -file intermediate.crt
You will need to import every intermediate certificate supplied with your certificate into the keystore, each under its own alias. Keep to the sequence shown: the root certificate first, then the intermediates.
Step 2: Edit the Tomcat Configuration File
After the import, your next step is to edit the Tomcat configuration file. By default, it’s called server.xml and resides in the Home_Directory/conf folder.
Locate the configuration file. You should see a few lines of code similar to the example below:
<Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="/your_path/yourkeystore.jks"
keystorePass="password_for_your_key_store" />
Change the keystoreFile and keystorePass values. For the keystoreFile parameter, specify the path to your keystore file. For the keystorePass attribute, enter your keystore password.
Note: If this is your first Tomcat configuration, the keystoreFile and keystorePass lines may be missing. You will have to manually add them. Also, you will need to uncomment the connector by removing the comment tags (<!-- and -->).
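The connector above keeps the keystore password in clear text, so the permissions on server.xml and on the keystore are part of the installation. The shell check below is an added example, not part of the original guide: it assumes the keystoreFile/keystorePass attribute style shown above with an absolute keystore path, and its finding names are labels made up for the example.

```shell
#!/bin/sh
# Added example: audit the TLS <Connector> of a Tomcat server.xml.
# Finding names (e.g. KEYSTORE_WORLD_READABLE) are made up for this example.

# Print the file as one line with XML comments removed, so a connector that
# is still commented out is not mistaken for an active one.
strip_comments() {
  tr '\n' ' ' < "$1" | awk '{
    while ((s = index($0, "<!--")) > 0) {
      rest = substr($0, s + 4); e = index(rest, "-->")
      if (e == 0) { $0 = substr($0, 1, s - 1); break }
      $0 = substr($0, 1, s - 1) substr(rest, e + 3)
    }
    print
  }'
}

# Value of attribute $2 in element text $1 (empty if absent).
attr() {
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# True if users outside owner and group can read file $1.
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

# Print one finding per line; return 1 if anything was found.
audit_tls_connector() {
  xml=$1
  conn=$(strip_comments "$xml" | grep -o '<Connector[^>]*>' |
         grep 'SSLEnabled="true"' | head -n 1)
  if [ -z "$conn" ]; then echo NO_ACTIVE_TLS_CONNECTOR; return 1; fi
  ks=$(attr "$conn" keystoreFile); pw=$(attr "$conn" keystorePass)
  rc=0
  if [ -z "$ks" ]; then echo KEYSTORE_FILE_NOT_SET; rc=1
  elif [ ! -f "$ks" ]; then echo "KEYSTORE_NOT_FOUND $ks"; rc=1
  elif world_readable "$ks"; then echo "KEYSTORE_WORLD_READABLE $ks"; rc=1
  fi
  # "changeit" is the well-known default keystore password.
  if [ "$pw" = changeit ]; then echo DEFAULT_KEYSTORE_PASSWORD; rc=1; fi
  # keystorePass sits in server.xml in clear text, so the file is a secret too.
  if [ -n "$pw" ] && world_readable "$xml"; then
    echo "CONFIG_WORLD_READABLE $xml"; rc=1
  fi
  return $rc
}
```

Call it as audit_tls_connector /path/to/conf/server.xml after editing the file; no output and exit status 0 mean none of these checks fired.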
Step 3: Save your .xml file and restart your Tomcat server
You have installed your SSL Certificate on Tomcat! Errors with the installation or its performance can still occur, so review your SSL installation routinely.
Conclusion
When you install an SSL Certificate on a Tomcat web server, you are enhancing the security of your Java web applications by enabling HTTPS encryption, protecting the privacy of your users’ confidential data, as well as building confidence in your business and ensuring you are in compliance with government regulations.
By importing the appropriate certificates into your keystore and configuring the Tomcat Server properties correctly, you will provide secure communication and Web traffic for your web applications.