Sharing Knowledge | System Admin Articles

Installing SSL Certificate for Tomcat





From certificate authorities like you will get the files below:
  • <domainname>.com.crt 
  • gd_bundle.crt
  • gd_intermediate.crt 
  • gd_cross_intermediate.crt
  • <domainname>.pfx 



You may install the certificates in one of two ways:

  1. Install, signed certificate and root certificate bundle (gd_bundle.crt) 
  2. Install signed certificate and two intermediate certificates (gd_intermediate.crt and gd_cross_intermediate.crt)


Installing the SSL Certificate and CA Bundle (gd_bundle.crt) and Implementing a PKCS12 Keystore in Tomcat: 

 Generate the PKCS12 output from the .pfx file

openssl pkcs12 -in <domainname>.pfx -out <domainname>.c

2.      From the generated output( <domainname>.c ), using vi copy only private key and save it as a different file ( <domainname>.key ) and the same way copy the root certificate and save it as a different file ( your-company-name.crt )

3.      Now using the gd_bundle.crt , <domainname>.key, <domainname>.crt – Generate a keystore file. Use the following command:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <domainname>.crt -inkey <domainname>.key -out keystore.tomcat -name tomcat -passout pass:changeit


Updating the server.xml Configuration File
When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:
Configure the tomcat SSL connector to use the keystore by adding the below lines,

keystoreFile="/opt/tomcat/conf/cert/certificates/keystore.tomcat"
keystorePass="changeit"
keystoreType="PKCS12"

Restart Tomcat.


Labels: SSL, Tomcat

My Profile PhotoAbout the Author

I'm Parthiban, An UNIX System Admin by Profession. I'm Experienced in Linux/Unix System Administration and Scripting. I have done lot of work on the infrastructure Mgmt side in Linux, UNIX and Windows system administration, Hardware, Storage and Data center. I'm blogging since 2008.
Follow Me On Twitter or On Facebook

0 Comments for "Installing SSL Certificate for Tomcat"

What do you think about this Article? Add your Opinion..!

Back To Top