Java
      Back to home
      1. Help Center
      2. How To
      3. Java

      Install an SSL Certificate on a Tomcat or Java-based Web Server

      This how-to illustrates how to install SSL certificates on a Tomcat or other Java-based server with keytool, a command-line tool for managing keys and certificates in a Java KeyStore.

      Root and Intermediate Certificates

      Proper functioning of a server certificate depends on the successful installation of intermediate and root certificates. The complete SSL.com certificate chain typically includes 4 files.

       

      Certificate Installation with Keytool

      Note: In the commands shown below, you'll need to replace the example keystore name domain.key with your keystore name.

      Use the keytool command to import the root certificate(s) as follows

      SSL.com Root

      Use the keytool command to import the Certum root certificate as follows:

      keytool -import -trustcacerts -alias root1 -file CERTUM_TRUSTED_NETWORK_CA.crt -keystore domain.key

      Use the same process for the SSL.com root certificate using the keytool command(notice that the alias is slightly different than before):

      keytool -import -trustcacerts -alias root2 -file SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt -keystore domain.key

      Next, you'll install the intermediate certificate:

      keytool -import -trustcacerts -alias INTER -file SSL_COM_RSA_SSL_SUBCA.crt -keystore domain.key

       

      Use the same process for the site certificate using the keytool command.  The alias for this certificate should match the alias that you used when creating the CSR.

      keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key

      The password is then requested:
      Enter keystore password: (This is the one used during CSR creation)

      The following information will be displayed about the ssl certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):

      Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Certificate fingerprints:
MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Trust this certificate? [no]:

      Then an information message will display as follows:

      Certificate was added to keystore

      All the certificates are now loaded and the correct root certificate will be presented.