SSL Certificates

Installation Instructions - Jakarta-Tomcat

Your certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message.

Copy the certificate from the body of the email and paste it into a text editor (such as notepad) to create text files.

The following certificate installations must be executed in the stated order.

You will need to download either the FreeSSL or RapidSSL root CA certificate:
Download - RapidSSL Root Certificate (Base-64 encoded X.509)
Download - FreeSSL Root Certificate (Base-64 encoded X.509)
Download and rename root.cer

  1. Import the appropriate root certificate file using:

    $ keytool -import - trustcacerts -keystore my.kdb -alias root - file root.cer

    With my.kdb being your keystore.
  2. Import the yourdomain.cer file using:

    keytool -import -trustcacerts -keystore my.kdb -alias tomcat -file yourdomain.cer

    With my.kdb being your keystore.
  3. Update server.xml configuration file:
  4. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
  5. Find the following section:

    Define a SSL Coyote HTTP/1.1 Connector on port 8443
    -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">

    <Factory
    className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false"
    protocol="TLS"
    keystoreFile="my.kdb"
    keystorePass="YOUR_KEYSTORE_PASSWORD" />

    </Connector>

  6. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
  7. Start or restart Tomcat using the appropriate startup script (startup.sh for unix/linux or startup.bat for windows)

» Return to Install Instruction List