SSL Certificate Installation Instructions

Java Based Web Servers - Tomcat, JSE1.4.x

When your issuance email arrives, it will contain your web server certificate. Copy the certificate, including the header and footer, into a text editor such as Notepad. You should then have a text file that looks like this:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been inadvertently added.
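The checks above can be automated before the file is saved. The following is an added example, not part of the original instructions: the function name check_pasted_certificate is hypothetical and the sample input is constructed. It goes one step further than the text by also confirming that the decoded data has a consistent DER length, which catches a certificate that was cut short when copied.

```python
import base64
import binascii

# Hypothetical helper for illustration; not part of Tomcat, keytool or GeoTrust tooling.
HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

def check_pasted_certificate(text):
    """Return a list of problems found in a pasted PEM certificate (empty = OK)."""
    problems = []
    lines = text.split("\n")
    if lines and lines[-1] == "":          # allow one final newline
        lines.pop()
    lines = [l[:-1] if l.endswith("\r") else l for l in lines]  # tolerate CRLF
    for n, line in enumerate(lines, 1):
        if line == "":
            problems.append(f"line {n}: blank line")
        elif line != line.strip():
            problems.append(f"line {n}: leading or trailing white space")
    if not lines or lines[0].strip() != HEADER:
        problems.append("first line is not the exact BEGIN CERTIFICATE header")
    if len(lines) < 2 or lines[-1].strip() != FOOTER:
        problems.append("last line is not the exact END CERTIFICATE footer")
    if problems:
        return problems
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return ["encoded data is not valid base64"]
    # DER sanity check: outer SEQUENCE tag and a length that matches the data
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:
        header_len, body_len = 2, der[1]
    else:
        n = der[1] & 0x7F
        header_len, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header_len + body_len != len(der):
        problems.append("decoded length mismatch: data truncated or extra bytes")
    return problems

# Constructed sample: a DER-shaped placeholder, not a real certificate.
_der = b"\x30\x81\xc8" + bytes(200)
_b64 = base64.b64encode(_der).decode()
_rows = [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
SAMPLE = "\n".join([HEADER] + _rows + [FOOTER]) + "\n"

if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE) or "OK")
```

An empty list means the file has the shape described above; it does not verify the certificate's signature or that it matches your private key.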

    1. Save the certificate file in your text editor as domainname.crt. You must now convert the certificate to binary format.
    2. Copy the domainname.crt to a Windows machine.
    3. Double-click domainname.crt, click the Details tab, then click Copy to File to open the Certificate Export Wizard.
    4. Under Export File Format, select the Cryptographic Message Syntax Standard option and check "Include all certificates in the certification path".
    5. Copy the newly created domainname.p7b file to the machine running your Tomcat server.

The following certificate installations must be executed in the stated order.

  1. Import the relevant GeoTrust root certificate file (available at http://www.geotrust.com/resources/root_certificates/index.htm) using:

    keytool -import -trustcacerts -keystore my.kdb -alias root -file c:\root_der.cer

    With my.kdb being your keystore and c:\root_der.cer being the path to the GeoTrust root certificate file.

  2. Import the domainname.p7b file using:

    keytool -import -trustcacerts -keystore my.kdb -alias tomcat -file yourdomain.p7b

    With my.kdb being your keystore, tomcat being the name you had previously specified as your alias, and yourdomain.p7b being the path to your p7b file.

Update server.xml configuration file:

  1. Open $JAKARTA_HOME/conf/server.xml in a text editor.
  2. Find the following section and make the following amendments:

    <!--
    Define a SSL Coyote HTTP/1.1 Connector on port 8443
    -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">

    <Factory
    className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false"
    protocol="TLS"
    keystoreFile="my.kdb"
    keystorePass="YOUR_KEYSTORE_PASSWORD" />

    </Connector>

    With my.kdb being your keystore and keystorePass being your keystore password.

  3. If you want Tomcat to use the default SSL port, change all instances of port=8443 to port=443.
  4. Start or restart Tomcat using the appropriate startup script.