SSL Certificate Installation Guideline for Tomcat

How to Install the SSL certificate to the Keystore:

Step 1 – Log into your certificate authority's Management Console.

Step 2 – Now, download the SSL certificate file, in format of your_domain_name.p7b. Save it to the directory where, during the CSR creation process, you saved your keystore.

Note: If you install your SSL certificate to a different keystore, the install command will not work properly in the next step. Therefore it is important for the users to make sure they install the certificate file to the same keystore with the same alias name that they used while generating the CSR.

How to configure your SSL connector?

You need to configure an SSL connector before the server can accept a secure connection. Here is how to configure it:

Step 1 – Open the '.xml' file of Tomcat server in a text editor. The '.xml', file is usually located in the conf folder in your server’s home directory.

Step 2 – Now locate the connector for which you intend to use the new keystore to secure. Normally, the connector with port 443 or 8443 is used as shown in the Step 4 below.

Step 3 – Uncomment the connector if necessary. To uncomment the connector, you need to remove the comment tags (.)

Step 4 – In your connector configuration, you need to specify the correct keystore filename and password:

< Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

All the users with the Tomcat version prior to Tomcat 7 need to change 'keystorePass' to 'keypass' in the above comment.

Step 5 – Save all the changes made to the server .xml file.

Step 6 – Hit 'Restart' to complete the SSL installation process on your Tomcat server.