Configuring the server.xml file in Tomcat to enable SSL

Solution ID:    SO5306
Version:    17.0
Published:    07/18/2011
Updated:    07/27/2013

Problem


Self-signed certificate shows after importing SSL certificate successfully in Tomcat

Expired or old certificate shows after new certificate was successfully installed

Cause


Tomcat keeps its configuration information in a server.xml file, which specifies the keystore file and keystore password that Tomcat reads. This file also allows server administrators to set the port for secure connections.

If the server.xml file is not configured, or if it is pointing to the wrong keystore, then the server may present the incorrect certificate to the client browser.
 

Solution


 To configure the server.xml file to enable SSL in Tomcat, please see the information below:
 
  1. Open the server.xml config file using a text editor (i.e. JAKARTA_HOME/conf/server.xml).
  2. Search for the secure element in your config file (try searching for SSL Connector). By default it should look something like this:

    <!-- SSL Connector on Port 443 -->
    <!--
    <Connector
        className="org.apache.coyote.tomcat4.CoyoteConnector"
        port="443" minProcessors="5"
        maxProcessors="75"
        enableLookups="false"
        acceptCount="10"
        connectionTimeout="60000" debug="0"
        scheme="https" secure="true">
      <Factory
          className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
          clientAuth="false" protocol="TLS"
          keystoreFile="insert path to the keystore here"
          keystorePass="insert keystore password here"
      />
    </Connector>
    -->
  3. Make sure the "keystoreFile" directive is referencing the correct keystore and the "keystorePass" directive is referencing the correct keystore password.
    NOTE: These directives are case-sensitive! Make sure the letters "F" and "P" in "keystoreFile" and "keystorePass" are in uppercase.
  4. If your keystore contains more than one private key alias, please add the "keyAlias" directive to reference the correct private key alias name.

    For example:

    keystoreFile="insert path to the keystore here"
    keystorePass="insert keystore password here"
    keyAlias="insert private key alias here"/>
     
  5. Save the changes.
  6. Stop and start Tomcat.
  7. To verify that your certificate is installed correctly, use the Symantec Installation Checker.
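
The checks in steps 2 to 4 can be automated before restarting Tomcat. The following Python script is an added example, not part of the original article or of Tomcat: it scans server.xml text for an SSL Connector that is still commented out and for "keystoreFile", "keystorePass" or "keyAlias" written with the wrong case. The function name check_ssl_config, the sample configuration, its keystore path and its password are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

EXPECTED = ("keystoreFile", "keystorePass", "keyAlias")  # exact spellings from the article

# Constructed sample: the default block is still commented out, and the live
# Connector has its keystore path attribute written with the wrong case.
SAMPLE = """<Server><Service name="example">
  <!-- SSL Connector on Port 443 -->
  <!--
  <Connector port="443" scheme="https" secure="true">
    <Factory clientAuth="false" protocol="TLS"/>
  </Connector>
  -->
  <Connector port="8443" scheme="https" secure="true">
    <Factory clientAuth="false" protocol="TLS"
             keystorefile="/opt/example/server.keystore"
             keystorePass="constructed-password"/>
  </Connector>
</Service></Server>"""

def check_ssl_config(xml_text):
    """Return a list of findings about the SSL Connector settings in server.xml text."""
    findings = []
    # A Connector that sits inside <!-- ... --> is not loaded at all.
    for comment in re.findall(r"<!--(.*?)-->", xml_text, re.DOTALL):
        if "<Connector" in comment and 'scheme="https"' in comment:
            findings.append("SSL Connector is commented out")
    by_lower = {name.lower(): name for name in EXPECTED}
    for conn in ET.fromstring(xml_text).iter("Connector"):  # parser skips comments
        if conn.get("scheme") != "https":
            continue
        attrs = dict(conn.attrib)
        for factory in conn.findall("Factory"):  # keystore attributes sit on <Factory>
            attrs.update(factory.attrib)
        port = conn.get("port", "?")
        for name in attrs:
            want = by_lower.get(name.lower())
            if want and name != want:
                findings.append(f"port {port}: '{name}' should be '{want}'")
        for name in ("keystoreFile", "keystorePass"):
            if name not in attrs:
                findings.append(f"port {port}: {name} is not set")
    return findings

if __name__ == "__main__":
    for finding in check_ssl_config(SAMPLE):
        print(finding)
```

To check a real configuration, pass the contents of JAKARTA_HOME/conf/server.xml to check_ssl_config instead of SAMPLE.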
 
Tomcat

For more information, please refer to Tomcat Support.

For information regarding Tomcat 6.0 click here.
 

Legacy ID

vs39345
