Installing an SSL Certificate: Java Based Web Servers (Tomcat) using keytool

1. Import the Root Certificate

 -> keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore domain.keystore

2. Import Intermediate(s)

-> keytool -import -trustcacerts -alias intermediate_filename -file intermediate_filename.crt -keystore domain.keystore

Please note: Depending on the type of certificate purchased, there may be multiple Intermediate certificate in the chain of trust. If this is the case, please install all intermediates in numerical order until you get to the domain/end entity certificate.

3. Import Entity/Domain Certificate

 -> keytool -import -trustcacerts -alias mykey -file yourDomainName.crt -keystore domain.keystore

If successful, you should receive the message: Certificate reply was installed in keystore.

Please note: If an alias was specified upon creation of the CSR, use that alias instead of mykey.

4. Restart the Web Server Service.

Please note: Tomcat will first need an SSL Connector configured before it can accept secure connections. Please ensure this is set before the server is restarted.

Is article helpful?