Help Center

Tomcat Format SSL Installation Guide

Updated Time:2022-09-23  Views:4262

Tomcat PKCS#7 Format SSL Installation Guide

Note: If you use the PKCS#7 format SSL certificate, you do not need to download the intermediate certificate separately.

Step 1: Download the SSL Certificate

Note: Make sure to select PKCS#7 format when downloading 
According to Tomcat's naming rules, rename the certificate in .p7b format, for example: ssl_cert.p7b.

Step 2: Import the certificate into the keystore

Enter the following command to import the certificate into the SSL certificate: 
keytool -import-alias your_alias_name-trustcacerts-file ssl_cert.p7b-keystore Your_keystore_filename 
Note: alias name and keystore name must be the same as when creating CSR and key. 
Note: The following error message may appear during the import process: Error:
 "java.lang.Exception: Input not an X.509 certificate"

Step 3: Confirm the contents of the keystore

Enter the following command to list the contents of the keystore: 
  keytool-list-v-keystore your_keystore_filename >output_filename 
Example:

Check out the output:

After the certificate is imported, make sure that the category of the Entry Type is PrivateKeyEntry or KeyEntry. Certificate Chain length is 4.

Step 4: Configure the Tomcat server

Once the certificate has been imported into the keystore, follow the steps below to configure server.xml to activate SSL.

 

 

Tomcat X.509 Format SSL Installation Guide

 

Step 1: Install the Intermediate Certificate

1. Select the intermediate CA certificate that is suitable for your SSL certificate.
2. Copy the intermediate CA and paste it into Notepad or other TXT text editor and archive the file as Intermediate.cer.
3. Use the following command to import the intermediate certificate into the keystore:
  keytool -import-trustcacerts-alias Intermediate-keystore your_keystore_filename-file intermediate.cer
Example:

Step 2: Get an SSL Certificate

1. The SSL certificate will be sent to the user via email. 
Users can also obtain SSL certificates by logging in to the User Center.
2. Please copy and paste the body of the email into a TXT text editor such as Vi or Notepad. When downloading the certificate, please select the X.509 format.
  Example of certificate body: 
  -----BEGIN CERTIFICATE----- 
       [encrypted data] 
  -----END CERTIFICATE-----
3. According to the naming rules of Tomcat, archive the certificate in .cer format, such as: ssl_cert.cer. 
4. Import the certificate using the following command: 
  keytool-import-trustcacerts-alias your_alias_name-keystore your_keystore_filename-file your_certificate_filename
Example:

Note: alias name and keystore name must be the same as when creating CSR and key.

Step 3: Confirm the contents of the keystore

1. Enter the following command to list the contents of the keystore: 
keytool-list -v-keystore your_keystore_filename >output_filename Example:

Check out the output:

3. After the certificate is imported, make sure that the Entry Type is PrivateKeyEntry or KeyEntry. Certificate Chain length is 4.

Step 4: Configure the Tomcat server

Once the certificate has been imported into the keystore, follow the steps below to configure server.xml to activate SSL.

 

 

 

 

 

Copyright© 2023 GNAME.COM. All rights reserved. Legal Statement | Privacy Policy