We're a preferred vendor in the New York Web Hosting section of Marketingtool.com.

This site is Web Related.

Jakarta-Tomcat

Installing your Web Server Certificate

Your certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message.

Copy the certificate from the body of the email and paste it into a text editor (such as notepad) to create text files.

Note if you are installing the certificate on anything other than a Sun system you will have to convert the certificate to binary format. You can use OpenSSL (obtained from www.openssl.org) to convert the certificate to binary format.

Install the QuickSSL Certificate

1. Copy/paste your GeoTrust root certificate into a text editor and save the file as geotrustca.pem. The root certificate is not normally sent out with GeoTrust certificates. Contact GeoTrust at ssltech@geotrust.com to obtain the root certificate.
   
   
2. Copy/paste your web server certificate into a text editor and save the file as domainname.pem (substitute domain name for the domain name that you purchased the certificate for.)
   
   
3. If necessary, convert the server certificate and root certificate to binary format (must have openssl installed) using the following command:
   
   openssl x509 -in domainname.pem -inform PEM -outform DER -out domainname.crt

openssl x509 -in geotrustca.pem -inform PEM -outform DER -out geotrustca.crt
   
   
4. Import the "Root Certificate" using the following command:
   
   $JAVA_HOME/bin/keytool -import -alias geotrustca -keystore /path/to/domainname.kdb -file geotrustca.crt
   
   
5. Import the "Server Certificate" using the following command:
   
   $JAVA_HOME/bin/keytool -import -alias tomcat -keystore /path/to/domainname.kdb -file domainname.crt
   
   Note: You must use the alias name of "tomcat"

Update the Server XML Configuration File

1. Open $JAKARTA_HOME/conf/server.xml in a text editor.
   
   
2. Find the following section:
   
   <Connector className="org.apache.catalina.connector.http.HttpConnector"
        port="8443" minProcessors="5" maxProcessors="75"
        enableLookups="true"
        acceptCount="10" debug="0" scheme="https" secure="true">

<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
        clientAuth="false" protocol="TLS"
        keystoreFile="tomcat.kdb"
        keystorePass="password"/>
   
   
3. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
   
   
4. Add the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
   
   
5. Start or restart Tomcat using the appropriate startup script (startup.sh for unix/linux or startup.bat for Windows.)

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://yourserver.com/) to indicate you wish to use secure HTTP.

Note: The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.

Back to Top