Installation Instructions for Tomcat using X.509 format

General Information ID: INFO234    Updated: 01/30/2017

Description

This document provides instructions for installing SSL Certificates on Tomcat using the X.509 format of the certificate. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.
 
Step 1: Download and Install Symantec CA Certificates
 
  1. Download the Intermediate CA certificate.
  2. Select the appropriate Intermediate CA certificate for your SSL Certificate type. 
    NOTE: To check which certificate you have purchased, follow these steps.
     
  3. Copy the Intermediate CA certificate and paste it in a text editor such as Notepad or Vi. 
  4. Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been inadvertently added.
  5. Save the file as intermediate.cer
  6. Use the following command to import this Certificate into the keystore:
     
    keytool -import -trustcacerts -alias Intermediate -keystore your_keystore_filename -file intermediate.cer

Step 2: Obtain and Install the SSL Certificate
 
  1. Symantec will send the SSL Certificate via e-mail. If the certificate is an attachment (Cert.cer), you can use the file.
    If the certificate is in the body of the email, copy and paste it into a text file using Vi or Notepad.

    NOTE: If you have a Symantec Trust Center account you can download the certificate by following these steps.
    When downloading the certificate, select the X.509 format and copy only the End Entity Certificate.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
    [encoded data]
    -----END CERTIFICATE-----
     
  2. Make sure there are 5 dashes on either side of BEGIN CERTIFICATE and END CERTIFICATE, and that no white space, extra line breaks or additional characters have been inadvertently added.
  3. To follow the naming convention for Tomcat, rename the certificate filename with the .cer extension. For example: ssl_cert.cer
  4. Enter the following command to import your SSL Certificate:
     
    keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename

    NOTE: The alias name in this command must be the same as the alias name used during the generation of the private key and CSR.


Step 3: Confirm the contents of the keystore

  1. Enter the following command to list the contents of the keystore:

    keytool -list -v -keystore your_keystore_filename > output_filename
     
  2. View the contents of the output file. It should look similar to the following:
     
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 2 entries

    Alias name: alias
    Creation date: Jul 1, 2016
    Entry type: PrivateKeyEntry
    Certificate chain length: 3

  3. Verify the following information:

    The SSL certificate is imported into the alias with the "Entry type" of PrivateKeyEntry or KeyEntry. If not, import the certificate into the private key alias.

    The Certificate chain length is 3.
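
The Step 3 checks as a script, added here as an example and not part of Symantec's instructions: it reads the output file written by keytool -list -v and verifies the entry type and chain length for one alias. The function name, the alias names tomcat and intermediate, and the sample listing are assumptions constructed for illustration.

```shell
# check_keystore_listing FILE ALIAS [CHAIN_LEN]
# Applies the Step 3 checks to one alias in saved `keytool -list -v` output.
# Exit status: 0 pass, 1 wrong entry type or chain length, 2 alias missing.
check_keystore_listing() {
    awk -v want_alias="$2" -v want_len="${3:-3}" '
        /^Alias name: / {
            cur = substr($0, 13); sub(/[ \t\r]+$/, "", cur)
            in_entry = (tolower(cur) == tolower(want_alias))  # ignore case
            if (in_entry) found = 1
            next
        }
        in_entry && /^Entry type: / {
            etype = substr($0, 13); sub(/[ \t\r]+$/, "", etype)
        }
        in_entry && /^Certificate chain length: / {
            clen = substr($0, 27); sub(/[ \t\r]+$/, "", clen)
        }
        END {
            if (!found) { print "alias not found: " want_alias; exit 2 }
            if (etype != "PrivateKeyEntry" && etype != "KeyEntry") {
                print "entry type " etype ": not attached to a private key"
                exit 1
            }
            if (clen != want_len) {
                print "chain length " clen ", expected " want_len
                exit 1
            }
            print "ok: " want_alias " is " etype ", chain length " clen
        }' "$1"
}

# Constructed sample listing, not output from a real keystore.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Alias name: intermediate
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

tmp=$(mktemp) && sample_listing > "$tmp"
check_keystore_listing "$tmp" tomcat
check_keystore_listing "$tmp" intermediate || echo "exit status $?"
rm -f "$tmp"
```

An exit status of 1 with a trustedCertEntry type means the SSL certificate was imported under an alias that does not hold the private key, which is the case the NOTE in Step 2 warns about.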
 
Step 4: Configure Tomcat server
 
  Once the certificates are imported into the keystore, configure your server.xml to enable SSL.
 

Tomcat Support
 
  For more information, see the Tomcat Website.
