Installing the PKCS#7 version of your SSL certificate in Tomcat

Solution ID:    SO15499    Updated:    08/01/2010


Step 1 - Installation Instructions:

The following installation instructions will only work for SSL certificates purchased through the thawte retail website and have a Thawte Certificate Center (TCC) or Enterprise (TCCE) account then keep reading on.

Note: If you purchased your SSL through a thawte Reseller and dont have a Thawte Certificate Center (TCC) account the below instructions will not work for your type of certificate. You MUST follow the Tomcat installation instructions in SO15518

Step 2 - Download and save your SSL Certificate

Download your SSL certificate as per the instruction on the following solution: SO13187

Note: You MUST download your SSL certificate in PKCS#7 format for the installation to be successful, if you are unsure of the format, please visit SO13187 and ensure you download your SSL in PKCS#7 format.

Step 3 - Importing your Certificate into the Keystore

It is recommended that you have your Keystore, SSL certificate and Keytool.exe in the same folder or you will need to specify the full file path when running the following commands.

To import the SSL certificate into the keystore, use the following keytool command:

  • keytool -import -alias aliasname -trustcacerts -file sslcert.p7b -keystore keystore.kdb

Note: When executing the above command, replace the above text in bold with the actual Alias and file names you have.

If the installation is successful you will see "Certificate reply was installed in keystore". If the import failed, please search for the error in our knowledgebase

Step 4 - Configure the Tomcat server

  1. Locate the apache config file (example Server.xml), the config file name can be different depending on your Tomcat version or flavour. The config file will need to be updated to reference your keystore file and password.
  2. Open the Server.xml file in a text editor (such as vi or notepad)
  3. Find the following section of code in the file (try searching for SSL Connector) and remove the comment tags around the connector entry (highlighted in red).
  4. <-- SSL Connector on Port 8443 -->
          port="8443" minProcessors="5"
          connectionTimeout="60000" debug="0"
           scheme="https" secure="true">
                 clientAuth="false" protocol="TLS"
                 keystoreFile="insert path to the keystore here">
                 keystorePass="insert keystore password here">

  5. Update the text in bold with the full path to each file (example "C:/tomcat/bin/certs/keystore.kdb")
  6. Save the Server.xml file
  7. Start Tomcat

Note: By default Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.

Verify the installation of the thawte certificate chain using our SSL checker: 



Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Knowledge Center

Search Tips