To install your SSL certificate, you will need to do the following:
Part 1: Install the Certificates
Please note: You must carry out the following tasks in this order:
1. Copy your SSL Certificate into a text editor and save it as mydomain.pem, where mydomain is the common name in your SSL certificate.
3. Download the appropriate Intermediate Certificate(s) and save it in a text editor as intermediate.crt:
Please note: The EV Bundle must be saved as evbundle.pem.
DomainSSL:
http://www.globalsign.com/support/root-domainssl.html
OrganisationSSL:
http://www.globalsign.com/support/root-organizationssl.html
ExtendedSSL:
http://www.globalsign.com/support/tomcat_ev_bundle.html
4. Import the certificates:
Please note: The certificates must be installed in the keystore that was used to generate your CSR.
a. Import the root certificate using:
keytool -import -trustcacerts -alias root -file root.crt -keystore NEWkeystore
With NEWkeystore being your keystore.
b. Import the appropriate intermediate certificate or EV Bundle using the following command:
keytool -import -trustcacerts -alias INTER -file inter.crt -keystore NEWkeystore
With NEWkeystore being your keystore.
c. Import the domain.crt file using:
keytool -import -trustcacerts -alias globalsigncertNEW -file domain.crt -keystore NEWkeystore
With NEWkeystore being your keystore.
Edit the file name and include the file pathname for each certificate in the above commands.
The keyword after -alias is the unique friendly name you assigned to each certificate when generating your private key and CSR, and should be edited accordingly.
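A check to run after step 4c, added here as an example and not part of the original instructions: it reads the output of keytool -list -v and confirms that the alias used for the CSR is a private key entry carrying the full chain, not a bare trusted certificate. The function name check_alias, the alias "tomcat" and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `keytool -list -v` output
# on stdin; $1 is the alias that was used when the key and CSR were generated.
# Prints "<entry type> <chain length>" and returns 0 only when the alias is a
# PrivateKeyEntry whose chain is longer than 1 (leaf plus issuing certificates).
check_alias() {
    # JKS keystores store aliases in lower case, so compare case-insensitively.
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^Alias name: /  { cur = tolower(substr($0, 13)); next }
        cur != want      { next }
        /^Entry type: /  { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") { print "missing 0"; exit 1 }
            print type, len + 0
            exit !(type == "PrivateKeyEntry" && len + 0 > 1)
        }'
}

# Constructed sample (abridged): root, intermediate and signed certificate
# imported into the keystore that generated the CSR, under the CSR alias.
GOOD_LISTING='Alias name: root
Entry type: trustedCertEntry

Alias name: inter
Entry type: trustedCertEntry

Alias name: globalsigncertnew
Entry type: PrivateKeyEntry
Certificate chain length: 3'

# Constructed sample (abridged): the signed certificate was imported under a
# new alias, so the key entry "tomcat" still holds only its self-signed cert.
BAD_LISTING='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: globalsigncertnew
Entry type: trustedCertEntry'

printf '%s\n' "$GOOD_LISTING" | check_alias globalsigncertNEW
printf '%s\n' "$BAD_LISTING" | check_alias globalsigncertNEW || echo "not installed on the key entry"

# Against a real keystore:
#   keytool -list -v -keystore NEWkeystore | check_alias globalsigncertNEW
```

A result of trustedCertEntry, or a chain length of 1, means Tomcat would not present the signed certificate from that keystore.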
Part 2: Update server.xml configuration file
1. Open $JAKARTA_HOME/conf/server.xml in a text editor.
2. Find the following section:
<!--
Define a SSL Coyote HTTP/1.1 Connector on port 8443
-->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false"
protocol="TLS"
keystoreFile="mystore.kdb"
keystorePass="YOUR_KEYSTORE_PASSWORD" />
</Connector>
3. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
4. Start or restart Tomcat for the changes to take effect.