Installation Instructions for Tomcat using X.509 format

General Information ID:    INFO234
Version:    32.0
Published:    07/18/2011
Updated:    06/08/2015

Description

This document provides instructions for installing SSL Certificates on Tomcat using the X.509 format of the certificate. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.
 
Step 1: Download and Install Symantec CA Certificates:
 
  1. Download the Intermediate CA certificate.
  2. Select the appropriate Intermediate CA certificate for your SSL Certificate type. 
    NOTE: To check which certificate you have purchased, follow these steps.
     
  3. Copy the Intermediate CA certificate and paste it in a text editor such as Notepad or Vi. 
  4. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  5. Save the file as intermediate.cer
  6. Use the following command to import this Certificate into the keystore:

    keytool -import -trustcacerts -alias Intermediate -keystore your_keystore_filename -file intermediate.cer

    For Example:


      
Step 2: Obtain and Install the SSL Certificate
 
  1. Symantec will send the SSL Certificate via e-mail. If the certificate is an attachment (Cert.cer), you can use the file.
    If the certificate is in the body of the email, copy and paste it into a text file using Vi or Notepad.

    NOTE: If you have a Symantec Trust Center account you can download the certificate by following these steps.
    When downloading the certificate, select the X.509 format and copy only the End Entity Certificate.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

    [encoded data]

    -----END CERTIFICATE-----
     
  2. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line
    breaks or additional characters have been inadvertently added. 
  3. To follow the naming convention for Tomcat, rename the certificate filename with the .cer extension. For example: ssl_cert.cer
  4. Enter the following command to import your SSL Certificate:

    keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename

    For Example:



    NOTE: The alias name in this command must be the same as the alias name used during the generation of the private key and CSR.


Step 3: Confirm the contents of the keystore

  1. Enter the following command to list the contents of the keystore:

    keytool -list -v -keystore  your_keystore_filename >output_filename

    For Example:


     
  2. View the contents of the output file 


     
  3. Verify the following information:

    The SSL certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry.  If not, please import the certificate into the Private Key alias.

    The Certificate chain length is 4.
 
Step 4: Configure Tomcat server
 
          Once the certificates are imported into the keystore, configure your server.xml to enable SSL.
 

Tomcat Support
 
          For more information, see the Tomcat Website 

 

Contact Support

Knowledge Center