Installing your SSL: Tomcat

To install your SSL certificate, you will need to do the following:

Part 1: Install the Certificates

Please note: You must carry out the following tasks in this order:

  • Step 1 of 7

    Copy your SSL Certificate into a text editor and save as mydomain.pem where mydomain is the common name in your SSL certificate.

  • Step 2 of 7

    Download the appropriate Root Certificate and save it in a text editor as root.crt:

  • Step 3 of 7

    Download the appropriate Intermediate Certificate(s) and save it in a text editor as intermediate.crt:

    Please note: The EV Bundle must be saved as evbundle.pem.

  • Step 4 of 7

    Import the certificates:

    Please note: The certificates must be installed in the keystore that was used to generate your CSR.

  • a

    Import the root certificate using:

    keytool -import -trustcacerts -alias root -file root.crt -keystore NEWkeystore

    With NEWkeystore being your keystore.

  • b

    Import the appropriate intermediate certificate or EV Bundle using the following command:

    keytool -import -trustcacerts -alias INTER -file inter.crt -keystore NEWkeystore

    With NEWkeystore being your keystore.

  • c

    Import the domain.crt file using:

    keytool -import -trustcacerts -alias globalsigncertNEW -file domain.crt -keystore NEWkeystore

    With NEWkeystore being your keystore.

    Edit the file name and include the file pathname for each certificate in the above commands.

    The keyword after -alias is the unique friendly name you assigned to each certificate when generating your private key and CSR and should be edited accordingly.
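A check to run once the imports in step 4 are done, as an added example that is not part of the original instructions: it reads the text printed by `keytool -list -v` and confirms that the signed certificate sits on the private key entry with a full chain, rather than as a separate trusted entry. The function name `check_listing`, the alias `mydomain`, the chain length of 3 (one intermediate) and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm where the signed certificate landed after step 4.
# Real use (alias = the one used when the key and CSR were generated):
#   keytool -list -v -keystore NEWkeystore | check_listing mydomain 3

# check_listing ALIAS MIN_CHAIN  (reads `keytool -list -v` text on stdin)
# Exit codes: 0 ALIAS is a PrivateKeyEntry with >= MIN_CHAIN certificates
#             1 ALIAS not present in the listing
#             2 ALIAS is only a trustedCertEntry (no private key behind it)
#             3 chain too short (reply not chained to intermediate/root)
check_listing() {
    awk -v want="$1" -v min="$2" '
        /^Alias name: / { cur = tolower(substr($0, 13)) }  # ignore alias case
        cur == tolower(want) && /^Entry type: / { type = $3 }
        cur == tolower(want) && /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") exit 1
            if (type != "PrivateKeyEntry") exit 2
            if (len + 0 < min + 0) exit 3
            exit 0
        }'
}

# Constructed sample: certificate imported under the key's own alias.
good_listing() {
cat <<'EOF'
Alias name: mydomain
Entry type: PrivateKeyEntry
Certificate chain length: 3
Alias name: root
Entry type: trustedCertEntry
EOF
}

# Constructed sample: certificate imported under a new alias, so the key
# entry still holds only the self-signed certificate created with the key.
bad_listing() {
cat <<'EOF'
Alias name: mydomain
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: globalsigncertnew
Entry type: trustedCertEntry
EOF
}

good_listing | check_listing mydomain 3 && echo "mydomain: key entry carries the full chain"
bad_listing | check_listing mydomain 3 || echo "mydomain: check failed with code $?"
```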

Part 2: Update server.xml configuration file

  • Step 1 of 4

    Open $JAKARTA_HOME/conf/server.xml in a text editor.

  • Step 2 of 4

    Find the following section:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">

    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="mystore.kdb" keystorePass="YOUR_KEYSTORE_PASSWORD" />

    </Connector>


  • Step 3 of 4

    If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.

  • Step 4 of 4

    Start or restart Tomcat for the changes to take effect.