Installing SSL Certificate for Tomcat

From certificate authorities like you will get the files below:
  • <domainname>.com.crt 
  • gd_bundle.crt
  • gd_intermediate.crt 
  • gd_cross_intermediate.crt
  • <domainname>.pfx 

You may install the certificates in one of two ways:

  1. Install, signed certificate and root certificate bundle (gd_bundle.crt) 
  2. Install signed certificate and two intermediate certificates (gd_intermediate.crt and gd_cross_intermediate.crt)

Installing the SSL Certificate and CA Bundle (gd_bundle.crt) and Implementing a PKCS12 Keystore in Tomcat: 

 Generate the PKCS12 output from the .pfx file

openssl pkcs12 -in <domainname>.pfx -out <domainname>.c

2.      From the generated output( <domainname>.c ), using vi copy only private key and save it as a different file ( <domainname>.key ) and the same way copy the root certificate and save it as a different file ( your-company-name.crt )

3.      Now using the gd_bundle.crt , <domainname>.key, <domainname>.crt – Generate a keystore file. Use the following command:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <domainname>.crt -inkey <domainname>.key -out keystore.tomcat -name tomcat -passout pass:changeit

Updating the server.xml Configuration File
When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:
Configure the tomcat SSL connector to use the keystore by adding the below lines,


Restart Tomcat.

Share this

Related Posts

Next Post »

What do you think about this Article? Add your Opinion..! EmoticonEmoticon