How to Install an SSL Certificate in Tomcat for the Java project in Linux

Sometimes we need to install an SSL certificate in Tomcat for Java projects. Configuring SSL in Tomcat is somewhat different from configuring it in web servers such as Nginx or Apache. In this article, we will learn how to install an SSL certificate in Tomcat. We assume that you have already set up the Java environment and that the Tomcat server is running.

Create a Keystore

Java provides JKS, also known as Java KeyStore, as a repository for security certificates. Both the JDK and the JRE provide the command-line utility keytool for creating and managing keystores. Run the following command to create a keystore.

$ keytool -genkey -alias tomcat.linuxways.com -keyalg RSA -keystore /etc/pki/keystore

Create CSR

If you are going to install a self-signed certificate, you can skip this step. If you want to install a purchased SSL certificate, you need to create a CSR file.

$ keytool -certreq -keyalg RSA -alias tomcat.linuxways.com -file tomcat.csr -keystore /etc/pki/keystore

You will get a prompt to supply a Keystore password. Once the password is submitted, a CSR file will be generated. Use this CSR file to purchase a CA-signed SSL certificate.

Get CA signed SSL certificate

Once the certificate is issued by the CA, you will have the following files. The domain tomcat.linuxways.com is used as an example.

  • tomcat.linuxways.com.crt (CA-issued certificate)
  • root.crt (Root certificate)
  • intermediateca.crt (Intermediate certificate)

Install the certificate

Import the CA-signed certificate using the following command.

$ keytool -import -alias tomcat.linuxways.com -keystore /etc/pki/keystore -trustcacerts -file path-to-certificate/tomcat.linuxways.com.crt

Where path-to-certificate is the certificate directory and tomcat.linuxways.com.crt is the CA-signed SSL certificate.

Install root certificate

Import the root certificate using the following command.

$ keytool -import -alias root -keystore /etc/pki/keystore -trustcacerts -file path-to-certificate/root.crt

Where root.crt is the root certificate file.

Install intermediate certificate

Run the following command to import the intermediate certificate file.

$ keytool -import -alias intermediateca -keystore /etc/pki/keystore -trustcacerts -file path-to-certificate/intermediateca.crt

Where intermediateca.crt is the intermediate certificate file.
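
The imports above only help if the CA-signed certificate replaced the self-signed one on the key's own alias rather than landing as a separate certificate-only entry. The following added example (not part of the original article) checks that from `keytool -list -v` output; the function names, exit codes and sample listings are constructed here, and it assumes English-locale keytool output and a CA reply that yields a chain of two or more certificates.

```shell
#!/bin/sh
# Added example (not from the original article). Reads `keytool -list -v`
# output on stdin and classifies one alias. Exit codes are this script's own:
#   0 = PrivateKeyEntry with a chain of 2+ certificates (CA reply installed)
#   1 = PrivateKeyEntry holding only its self-signed certificate
#   2 = alias missing, or a trustedCertEntry with no private key
check_alias() {
    awk -v want="$1" '
        /^Alias name: /                              { cur = substr($0, 13) }
        cur == want && /^Entry type: /               { type = $3 }
        cur == want && /^Certificate chain length: / { len = $4 }
        END {
            if (type != "PrivateKeyEntry") exit 2
            exit (len >= 2 ? 0 : 1)
        }'
}

# Constructed sample listings, trimmed to the lines the check reads.
listing_ok() { printf '%s\n' \
    'Alias name: tomcat.linuxways.com' 'Entry type: PrivateKeyEntry' \
    'Certificate chain length: 3' \
    'Alias name: root' 'Entry type: trustedCertEntry'; }
listing_selfsigned() { printf '%s\n' \
    'Alias name: tomcat.linuxways.com' 'Entry type: PrivateKeyEntry' \
    'Certificate chain length: 1'; }
listing_certonly() { printf '%s\n' \
    'Alias name: tomcat.linuxways.com' 'Entry type: trustedCertEntry'; }

report() {  # $1 = listing function, $2 = alias; prints a verdict, returns the code
    rc=0
    "$1" | check_alias "$2" || rc=$?
    case $rc in
        0) echo "$2: CA-signed chain installed" ;;
        1) echo "$2: still self-signed, CA reply not imported under this alias" ;;
        *) echo "$2: no private key entry under this alias" ;;
    esac
    return "$rc"
}

for l in listing_ok listing_selfsigned listing_certonly; do
    report "$l" tomcat.linuxways.com || true
done
# Real use: keytool -list -v -keystore /etc/pki/keystore | check_alias tomcat.linuxways.com
```

A result of 1 or 2 after the imports means Tomcat would still serve the self-signed certificate or fail to find a key, so check the alias used in the import command before editing server.xml.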

Change tomcat configuration

After importing all the required certificates, configure Tomcat to use the keystore. Go to the Tomcat installation folder, find the server.xml file in its conf directory, and update it with the following contents.

$ vi tomcat-installation-directory/conf/server.xml

Example.

$ vi /opt/tomcat/conf/server.xml

<Connector port="4443" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="4443"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           keystoreFile="/etc/pki/keystore"
           keystorePass="_password_" />

For the demonstration, port 4443 is used. You can select any port depending on your environment.

Restart Tomcat

The certificate installation is complete. Restart the Tomcat server to apply the changes.

$ path-to-tomcat/bin/shutdown.sh
$ path-to-tomcat/bin/startup.sh

Example,

$ /opt/tomcat/bin/shutdown.sh
$ /opt/tomcat/bin/startup.sh

Verify the certificate

Now open the Tomcat server URL in any browser to verify the certificate.

https://tomcat-server:<Port>

Example,

https://tomcat.linuxways.com:4443

Conclusion

In this article, we learned how to generate a CSR file and install a CA-signed SSL certificate in Tomcat for Java projects.
