Install an SSL Certificate on Tomcat

Solution ID:    SO14876    Updated:    06/21/2016

Solution

Follow the instructions below to install the certificate on a Tomcat server.
 

Step 1: Download your Thawte certificate in PKCS#7 format

  1. You will receive an email when your certificate is issued.
  2. You can also download the certificate from your account:
  3. Download the PKCS#7 format. Copy and paste your Thawte certificate into a plain text editor such as Notepad or Vi and save it as cert.p7b.
    Note: Make sure there are 5 dashes to either side of the BEGIN PKCS#7 and END PKCS#7 and that no white space, extra line breaks or additional characters have been inadvertently added.
     

Step 2: Install your certificate

  1. Import the certificate into the Java keystore using the following keytool command: 
     
    keytool -import -alias [enter_alias_name] -trustcacerts -file cert.p7b -keystore [enter_keystore_name]

    Note: The alias name and keystore name in this command must be the same as the alias name and keystore name
    used during the generation of the private key and CSR.

    Note: During the import you might get following error: Error: "java.lang.Exception: Input not an X.509 certificate"
     

Alternate installation instructions if the above error ("keytool error: java.lang.Exception: Input not an X.509 certificate") occurs.

  1. Repeat Step 1, but download the certificate in X.509 format.
  2. Download the Intermediate certificate.
  3. Select the Intermediate CA link based on your certificate product type.  Once you have the SSL certificate and Intermediate CA certificate files, begin the import process.
    Note: The Intermediate CA certificate and the SSL certificate must be imported into the keystore in the order given below.
  4. Import the Intermediate certificate (e.g., use alias: intermediate)

    keytool -import -alias intermediate -trustcacerts -file intermediate_file_name  -keystore [enter_keystore_name]
     
  5. Import the SSL certificate (use the same alias name that was used when the keystore was created and the CSR was submitted to Thawte)

    keytool -import -alias [enter_alias_name] -trustcacerts -file X.509_file_name  -keystore [enter_keystore_name]

     

Step 3: Confirm the contents of the keystore

Enter the following command to list the contents of the keystore:

keytool -list -v -keystore  your_keystore_filename > output_filename.txt

View the contents of the output file.

The SSL certificate should be imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry.  If it is not, import the certificate into the Private Key alias.
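
The Step 3 check above, as an added example that is not part of the original Thawte article: a shell function that reads the saved keytool -list -v output and reports whether a given alias is a PrivateKeyEntry or KeyEntry. The function name check_alias, the alias tomcat and the sample listing are constructed for illustration; the chain length it also prints goes beyond what the article asks you to check.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.
# check_alias FILE ALIAS: read saved `keytool -list -v` output and print
# "<entry type> <chain length>" for ALIAS. Return status:
#   0  PrivateKeyEntry or KeyEntry (certificate is on the private key alias)
#   1  some other type, e.g. trustedCertEntry (imported under a new alias)
#   2  alias not found in the listing
check_alias() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF output files
        /^Alias name: /  { cur = substr($0, 13) }
        cur == want && /^Entry type: /  { type = substr($0, 13) }
        cur == want && /^Certificate chain length: /  { chain = $NF }
        END {
            if (type == "") { print "missing 0"; exit 2 }
            print type, chain + 0
            exit ((type == "PrivateKeyEntry" || type == "KeyEntry") ? 0 : 1)
        }' "$1"
}

# Constructed listing: one key entry and one separately imported intermediate.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: tomcat
Creation date: Jun 21, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com

*******************************************

Alias name: intermediate
Creation date: Jun 21, 2016
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA
EOF

for a in tomcat intermediate wrongalias; do
    rc=0
    result=$(check_alias "$SAMPLE" "$a") || rc=$?
    echo "$a: $result (status $rc)"
done
```

A status of 1 for your certificate alias means the certificate landed in a separate trustedCertEntry instead of on the private key, which is the case the article tells you to correct by importing into the Private Key alias.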
 

Step 4: Configure Tomcat server

  1. Configure Tomcat to reference the correct keystore and keystore password.
     

Note: Tomcat keeps its configuration information in the server.xml file.

Note: Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.
 

Step 5: Verify the Certificate Installation

To verify that your certificate is installed correctly, use the Thawte Installation Checker.

 

Tomcat Support

See the Tomcat website for more information.

 

Disclaimer:

Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  
