HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


How to add ssl certificate for a domain in Tomcat 8 server

The following procedure will help you to add an ssl certificate in your tomcat 8 server.

Let us assume /opt/tomcat will be the tomcat installation folder and we are going to install it for a doamin fun.com

Step 1 : Generate a Certificate Signing Request (CSR) for your domain fun.com

# mkdir /opt/tomcat/ssl
# cd /opt/tomcat/ssl
# keytool -genkey -alias fun.com -keyalg RSA -keysize 2048 -keystore fun_com.jks -dname "CN=fun.com,OU=Technical, O=Fun Technologies Limited, L=Talvia, ST=kbgrp, C=IN" && keytool -certreq -alias fun.com -file fun_com.csr -keystore fun_com.jks

Step 2 . Use the CSR file fun_com.csf for purchasing a real ssl certificate , let us say I bought it from comodo. Now we need to add all th CA root and other trust certificate to the above keystore file fun_com.jks as follows,

#keytool -import -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore /opt/tomcat/ssl/fun_com.jks

#keytool -import -trustcacerts -alias ComodoAddTru -file COMODORSAAddTrustCA.crt -keystore /opt/tomcat/ssl/fun_com.jks

Step 3 : Add the certificate file too to the keystore

# keytool -import -trustcacerts -alias fun -file fun_com.crt -keystore /opt/tomcat/ssl/fun_com.jks

Step 4 : Now check the keystore and you can see all certificate and chain crts are added to the keystore

#keytool -list -keystore /opt/tomcat/ssl/fun_com.jks

Now open the server.xml ( in /opt/tomcat/conf/server.xml ) file and enable the following sections

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat/ssl/fun_com.jks" keystoreType="JKS" keystorePass="changeit"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Now restart the tomcat server

/etc/init.d/tomcat restart

You may now verify your ssl by calling your domain name over https from your browser.

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional