Installing a SSL Certificate - Java Based (Tomcat) Web Servers


Installing SSL Certificate Chain (Root, Intermediate(s) and the End Entity)
Tomcat, tomcat, tomcat, tomcat

1. Import Root Certificate
      -> keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore domain.keystore

2. Import Intermediate(s)
      -> keytool -import -trustcacerts -alias UTNAddTrust -file UTNAddTrustSGCCA.crt -keystore domain.keystore

Note:

Depending on the type of certificate that was purchased, there may be more than one Intermediate certificate in the chain of trust. Please install all intermediates in numberical order until you get to the domain/end entity certificate.

Example: UTNAddTrustSGCCA.crt would become to UTNAddTrustSGCCA.
For more information on

3. Import Entity/Domain certificate
      -> keytool -import -trustcacerts -alias yyy -file yourDomainName.crt -keystore domain.keystore

Note: Only use -alias if you have set one during the CSR Generation process.

Note: Tomcat will first need a SSL Connector configured before it can accept secure connections.

4. Restart the Web Server Service.

Important Note:

An alias is only used during the import of the entity/domain certificate if an alias was used during CSR generation.