How to install the certificate on Tomcat
Root certificate:
Type the following command to install the root certificate file:
keytool -import -trustcacerts -alias root -file RotSertFil.crt -keystore keystore.key
If you get the message “Certificate already exists in system-wide CA keystore under alias <…> Do you still want to add it to your own keystore? [no]:”, select Yes. If it worked, you will receive the message “Certificate was added to keystore”.
Intermediate certificate:
Type the following command to install the Intermediate Certificate file:
keytool -import -trustcacerts -alias intermediate -file IntermediateSertFil.crt -keystore keystore.key
If it worked, you will receive the following message “Certificate was added to keystore”.
Domain certificate:
Enter the following command to install the certificate for your domain:
(remember to use the same alias used for the private key)
keytool -import -trustcacerts -alias tomcat -file DomeneSertFil.crt -keystore keystore.key
If it worked, you will receive the following message “Certificate reply was installed in keystore”.
All the certificates are now installed in your keystore file. What remains is to configure your server to use the keystore file.
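Before moving on to the Connector, it is worth confirming that the domain certificate really landed on the private key entry. The script below is an added example, not part of the original instructions: it reads `keytool -list -v` output and checks the three aliases used above. It assumes the private key was generated with keytool under the alias tomcat (so it starts with a self-signed certificate); the function names, the sample listings and the alias "mydomain" are constructed for illustration.

```shell
# Added example: verify the three imports from `keytool -list -v` output.
# Real use:  keytool -list -v -keystore keystore.key | check_keystore

# describe ALIAS: print "<entry type> <chain length>" (length 0 if none is listed).
describe() {
    awk -v want="$1" '
        /^Alias name: /                              { cur = substr($0, 13) }
        cur == want && /^Entry type: /               { type = substr($0, 13) }
        cur == want && /^Certificate chain length: / { len = $NF }
        END { if (type != "") print type, len + 0 }
    '
}

# check_keystore: return 0 only if root/intermediate are trusted and tomcat holds a 3-cert chain.
check_keystore() {
    listing=$(cat)
    rc=0
    for spec in "root trustedCertEntry 0" "intermediate trustedCertEntry 0" \
                "tomcat PrivateKeyEntry 3"; do
        set -- $spec
        got=$(printf '%s\n' "$listing" | describe "$1")
        if [ "$got" = "$2 $3" ]; then
            echo "ok   $1: $got"
        else
            echo "FAIL $1: expected '$2 $3', found '${got:-no entry}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listings, trimmed to the lines the check reads.
CA_ENTRIES='Alias name: root
Entry type: trustedCertEntry
Alias name: intermediate
Entry type: trustedCertEntry'
GOOD_LISTING="$CA_ENTRIES
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3"
# Domain cert imported under another alias (hypothetical "mydomain"): key entry stays self-signed.
BAD_LISTING="$CA_ENTRIES
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: mydomain
Entry type: trustedCertEntry"
printf '%s\n' "$GOOD_LISTING" | check_keystore
printf '%s\n' "$BAD_LISTING" | check_keystore || echo "keystore is not ready for Tomcat"
```

A chain length of 1 on the tomcat entry means the server would present only the self-signed certificate, even though every import command reported success.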
Configure your SSL Connector
Tomcat requires the SSL Connector to be configured before it can accept secure connections.
By default, Tomcat looks for a keystore with a file name that ends in .keystore in the home directory, with the default password “changeit”. The home directory is usually /home/username/ on Unix and Linux systems, and C:\Documents and Settings\username\ on Microsoft Windows systems. You have the option to change the password and file location.
Copy the keystore file (keystore.key) to your home area.
Open the file ${CATALINA_HOME}/conf/server.xml in a text editor.
- Uncomment the SSL Connector in your configuration file.
- Check that the Connector port is 443.
- Verify that keystorePass matches the keystore password and keystoreFile contains the path and filename of your keystore.
When completed, your Connector should look something like this:
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/mappe/keystore.key" keystorePass="passord"/>
</Connector>
- Save the change to server.xml
- Restart Tomcat