Installation Instructions for Apache Tomcat

Solution ID:    SO25699    Updated:    09/29/2015


This document provides instructions for installing an SSL certificate on Tomcat using the PKCS#7 formatted certificate.
Step 1:  Download the SSL certificate
  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you download contain the SSL and Intermediate CA certificate in PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the files onto the server where you will install the certificate.
Step 2: Import the SSL certificate into the keystore
  1. At the command prompt, enter:

    keytool -import -alias your_alias_name -trustcacerts -file ssl_certificate.p7b -keystore your_keystore_filename
NOTE: The alias name and keystore name in this command must be the same as the alias name and keystore name used during the generation of the private key and certificate signing request (CSR).
During the import you might encounter the following error: Error: "java.lang.Exception: Input not an X.509 certificate." To troubleshoot this error, refer to solution: SO4333
If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Tomcat. 
Step 3: Confirm contents of the keystore
  1. At the command prompt, enter:

    keytool -list -v -keystore  your_keystore_filename >output_filename

    For Example:

  2. View the contents of the keystore.

    Verify the following information:

    The end entity certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry.  If not, import the certificate into the Private Key alias.

    NOTE: The Certificate chain length: tells you the keystore was successful in establishing the certificate chain, and your keystore is ready for use.
Step 4: Configure Tomcat Server

Once the certificates are imported into the keystore, configure your server.xml to enable SSL. Refer to solution: SO2144

Step 5: Verify certificate installation

To verify if your certificate is installed correctly, use the Thawte Installation Checker

For more information, see Tomcat Support website.



Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Find Answers

Search Tips