Close Window x

Frequently Asked Questions

Help Center Search

Installing an SSL Certificate in Tomcat 4.x/5.x/6.x

Print this Article
Comment on this Article
Last Updated: October 16, 2009 1:05 PM

After your certificate request is approved, you can download your SSL and intermediate certificate from within the SSL application. For more information see Downloading Your SSL Certificate. Both of these files must be installed on your Web server.

You may install the certificates in one of two ways: Install, signed certificate and root certificate bundle (gd_bundle.crt) or install signed certificate and two intermediate certificates (gd_intermediate.crt and gd_cross_intermediate.crt).

NOTE: Java 2 SDK 1.2 or above must be installed as the following describes how to install a certificate using keytool.

Installation Option One: Install the SSL Certificate and CA Bundle (gd_bundle.crt) Implementing a PKCS12 Keystore

Before you install your SSL certificate you must download our root certificate bundle (gd_bundle.crt) on your Web server. You may download the bundle from the repository.

Use the following OpenSSL command to combine the ca bundle gd_bundle.crt and your SSL certificate:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following Factory tag section and COMMENT IT OUT:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the following directives to the Connector tag:
    keystoreFile=<path to>\keystore.tomcat
    keystorePass="changeit"
    keystoreType="PKCS12"
  4. Restart Tomcat.

Installation Option Two: Install the SSL Certificate and Intermediate Certificate Separately

Installing Root and Intermediate Certificates

Once you have downloaded the certificates to your local machine, please use the following keytool commands to import them:

Root:

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt

First intermediate (gd_cross_intermediate.crt):

keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt

Second intermediate (gd_intermediate.crt):

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

Installing SSL Certificate

Use the following command to import the issued certificate into your keystore.

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of your certificate>

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following text section:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the "keystoreFile" and "keystorePass directives:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/full/path/to/tomcat.keystore" keystorePass="changeit" />
  4. Restart Tomcat.