How to Install an SSL certificate in Tomcat

This quick guide walks you through the crucial aspects of a proper Tomcat SSL installation. You will master how to install an SSL Certificate in Tomcat and will discover the best place to buy an SSL certificate for your Tomcat server.

Table of Contents

  1. Generate a CSR code for Tomcat
  2. Install an SSL Certificate in Tomcat
  3. Test your Tomcat SSL installation
  4. Where to buy the best SSL Certificate for Tomcat?

Generate a CSR code for Tomcat

CSR stands for Certificate Signing Request, a block of text containing current details about your domain ownership and company. All buyers of commercial SSL certificates must submit the CSR to their Certificate Authority to pass the SSL validation and obtain the certificate.

You have two options:

  1. Use our CSR Generator to create the CSR automatically.
  2. Follow our step-by-step tutorial on how to generate CSR on Tomcat.

After the Certificate Authority validates your request and sends you the SSL files, proceed to the SSL installation.

Install an SSL Certificate in Tomcat

Step 1: Prepare your SSL certificate files

Depending on your Certificate Authority, your SSL files may be in PKCS#7 format (.p7b or .cer extensions) or PEM format (.crt extension). Determine your files’ format and follow the instructions below:

PKCS#7 format

A PKCS#7 file already contains the required root and intermediate certificates, so all you have to do is run the following command to add it to the keystore:

keytool -import -trustcacerts -alias ssldragon -keystore example.jks -file example.p7b

Note: Replace ssldragon and example with your alias and file names.

If you see the message “Certificate reply was installed in keystore”, you’ve successfully imported the certificate. You can use the following command to check the details of your certificate:

keytool -list -v -keystore example.jks

PEM format

You have to import all the necessary certificate files separately in the correct order. Run the commands below for each certificate type:

Root Certificate:

keytool -import -alias root -keystore example.jks -trustcacerts -file root.crt

Intermediate Certificate:

keytool -import -alias intermediate -keystore example.jks -trustcacerts -file intermediate.crt

If your certificate includes several intermediate certificates, you should import all of them into the keystore, following the correct sequence. For example, for a Sectigo PositiveSSL Certificate you should import:

  1. The certificate signed by the root (e.g. crt)
  2. The intermediate certificate (e.g. crt)
  3. The intermediate certificate that signs the certificate issued for your domain (e.g. crt)

Primary Certificate (the one issued for your domain):

keytool -import -alias ssldragon -keystore example.jks -file example.crt

Note: Replace the alias with your own.

Step 2: Edit the Tomcat configuration file

After the import, your next step is to edit the Tomcat configuration file. By default, it’s called server.xml and resides in the Home_Directory/conf folder.

Locate the configuration file. You should see a few lines of code similar to the example below:

<Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="/your_path/yourkeystore.jks"
keystorePass="password_for_your_key_store" />

Replace the keystoreFile and keystorePass values with your own. For the keystoreFile parameter, specify the path to your keystore file. For the keystorePass attribute, enter your keystore password.

Note: If this is your first Tomcat configuration, the keystoreFile and keystorePass lines may be missing. You will have to add them manually. Also, you will need to uncomment the connector by removing the comment tags (<!-- and -->).

Step 3: Save your .xml file and restart your Tomcat server

Congratulations! You’ve successfully installed an SSL certificate on Tomcat.
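
A check for the Connector edited in Step 2, as an added example that is not part of the original guide: it parses a server.xml and reports a TLS connector that is still commented out, still carries the placeholder keystoreFile or keystorePass from the sample above, or falls back to Tomcat's default password changeit. The function name audit_server_xml and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# "changeit" is Tomcat's documented default keystorePass; the other value
# is the placeholder from this guide's Connector example.
WEAK_PASSWORDS = {"", "changeit", "password_for_your_key_store"}

def audit_server_xml(xml_text):
    """Return a list of findings for the TLS connectors in a server.xml."""
    root = ET.fromstring(xml_text)
    # ElementTree drops XML comments, so a Connector still wrapped in
    # <!-- --> is treated as absent, which is how Tomcat sees it too.
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not tls:
        return ["no enabled TLS Connector (is it still commented out?)"]
    findings = []
    for c in tls:
        port = c.get("port", "?")
        keystore = c.get("keystoreFile")
        if not keystore:
            findings.append(f"port {port}: keystoreFile is missing")
        elif keystore.startswith("/your_path/"):
            findings.append(f"port {port}: keystoreFile is still the placeholder")
        # A missing keystorePass makes Tomcat fall back to "changeit".
        if c.get("keystorePass", "changeit") in WEAK_PASSWORDS:
            findings.append(f"port {port}: keystorePass is default or placeholder")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
    return findings

# Constructed sample inputs (not taken from a real server).
AS_IN_GUIDE = """<Server><Service name="Catalina">
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
  scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  keystoreFile="/your_path/yourkeystore.jks"
  keystorePass="password_for_your_key_store" />
</Service></Server>"""
COMMENTED_OUT = """<Server><Service name="Catalina">
<!-- <Connector port="443" SSLEnabled="true" scheme="https" secure="true" /> -->
</Service></Server>"""
EDITED = AS_IN_GUIDE.replace("/your_path/yourkeystore.jks", "/opt/tomcat/conf/example.jks") \
                    .replace("password_for_your_key_store", "constructed-passphrase-7Q")

if __name__ == "__main__":
    for name, text in [("as in guide", AS_IN_GUIDE),
                       ("commented out", COMMENTED_OUT), ("edited", EDITED)]:
        print(name, "->", audit_server_xml(text) or "no findings")
```

keystorePass is stored in server.xml in clear text, so keep the file readable only by the account that runs Tomcat.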

Test your Tomcat SSL installation

After you install an SSL certificate in Tomcat, several unnoticed errors may creep in and affect the performance of your certificate. Make a habit of checking your SSL installation regularly. Use one of these high-end SSL tools to get instant scans and reports.

Where to buy the best SSL Certificate for Tomcat?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the best Certificate Authorities on the market, and offer the most competitive prices across the entire range of our SSL products. All our certificates are compatible with the Tomcat server. Whether you want to secure a blog or a network of e-commerce sites, we’ve got you covered.

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly accurate.
