Then follow the following instructions:
Installing the Certificates to the Keystore
1. Download your certificate files from your certificate authority and save them to the same directory as the keystore that you created during the CSR creation process. The certificate will only work with the same keystore that you initially created the CSR with. The certificates must be installed to your keystore in the correct order.
2. Install the Root Certificate file: Every time you install a certificate to the keystore you must enter the keystore password that you chose when you generated it. Enter the following command to install the Root certificate file:
keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key
If you receive a message that says "Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:", select Yes. If successful, you will see "Certificate was added to keystore".
3.
Install the Intermediate Certificate file: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:
keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key
If successful, you will see "Certificate was added to keystore".
4.
Install the Primary Certificate file: Type the following command to install the Primary certificate file (for your domain name):
keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key
If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed to the keystore file. You just need to configure your server to use the keystore file.
Configuring your SSL Connector
Tomcat requires an SSL Connector to be configured before it can accept secure connections.
By default Tomcat looks for your Keystore with the file name .keystore in the home directory with the default password "changeit". The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. You will be able to change the password and file location.
Method 1 -- Add an SSL Connector using admintool:
1. Start Tomcat.
2. Enter 'http://localhost:8080/admin' in a local browser to start admintool.
3. Type a username and password with administrator rights.
4. On the left select service (Java Web Services Developer Pack).
5. Select Create New Connector from the drop-down list on the right.
6. Choose HTTPS in the Type field.
7. In the Port field, enter 443. This defines the TCP/IP port number on which Tomcat will listen for secure connections.
8. Enter the Keystore Name and Keystore Password if your keystore is named something other than .keystore, if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if the password is something other than the default value of changeit. If you have used the default values, you can leave these fields blank.
9. Select Save to save the new Connector.
10. Select Commit Changes to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started.
Method 2 -- Configure the SSL Connector in server.xml :
1. Copy your keystore file (your_domain.key) to the home directory.
2. Open the file Home_Directory/conf/server.xml in a text editor.
3. Uncomment the SSL Connector Configuration.
4. Make sure that the Connector Port is 443.
5. Make sure the keystorePass matches the password for the keystore and the keystoreFile contains the path and filename of the keystore.
When you are done your connector should look something like this:
6. Save the changes to server.xml
Quick and easy steps. It made it easy to install ssl certificate on my website.
ReplyDelete