Help Center Install on Tomcat

Installing SSL Certificate on Tomcat

You can find instructions for installing an SSL certificate on a Tomcat web server below.

Before You Start

Before you start, please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions for how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

Step 1: Convert Certificate Files

First and foremost, you will need to convert your certificate.crt and ca_bundle.crt files from PEM (.crt) to PKCS#7 (.p7b). This can be done easily by using the OpenSSL command below:

openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b -certfile ca_bundle.crt

Step 2: Upload Certificate Files to Server

Upload your converted certificate files (certificate.p7b and ca_bundle.p7b) as well as your private.key file to your server in a directory of your choice.

Step 3: Run Install Command

Next, you will need to run the following command in order to install your certificate:

keytool -import -trustcacerts -alias server -file your_file_name.p7b -keystore your_domain_name.jks

If your installation was successful, you should receive the following message: "Certificate reply was installed in keystore.". If you are prompted to confirm whether or not this certificate should be trusted, enter "Y" or "Yes" in order to confirm.

Step 4: Configure SSL Connector

Next, you will need to configure an SSL connector on your server, which will allow the server to accept secure connections via HTTPS. Locate and open the .xml configuration file, which is typically stored in the conf folder of your server's home directory.

Enter the keystore filename and password, as seen in the example below:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"  minSpareThreads="25" maxSpareThreads="75"  enableLookups="false" disableUploadTimeout="true"  acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server"  keystoreFile="/home/user_name/your_domain_name.jks"  keystorePass="your_keystore_password" />

Step 5: Restart Tomcat Server

Finally, restart your Tomcat server in order for your changes to come into effect.

Check Installation

Congratulations, you have completed all required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g. https://domain.com.