Jakarta-Tomcat
Installing your Web Server Certificate
Your certificate will be sent to you
by email. The email message includes the web server certificate that you purchased
in the body of the email message.
Copy the certificate from the body of the email and paste it into a text
editor (such as notepad) to create text files.
Note if you are installing the certificate on anything
other than a Sun system you will have to convert the certificate to binary format.
You can use OpenSSL (obtained from www.openssl.org) to convert the certificate
to binary format.
Install the QuickSSL certificate:
1. Copy/paste your GeoTrust root certificate into a text editor and save the
file as geotrustca.pem. The root certificate is not normally sent out with GeoTrust
certificates. Contact us at ssltech@geotrust.com to obtain the root certificate.
2. Copy/paste your web server certificate into a text editor and save the file
as domainname.pem (substitute domainname for the domain name that you purchased
the certificate for.)
2a. If necessary, convert the server certificate and root certificate to binary
format (must have openssl installed) using the following command:
openssl x509 -in domainname.pem -inform PEM -outform DER -out domainname.crt
openssl x509 -in geotrustca.pem -inform PEM -outform DER -out geotrustca.crt
3. Import the "Root Certificate" using the following command:
$JAVA_HOME/bin/keytool -import -alias geotrustca -keystore
/path/to/domainname.kdb -file geotrustca.crt
4. Import the "Server Certificate" using the following command:
$JAVA_HOME/bin/keytool -import -alias tomcat -keystore /path/to/domainname.kdb
-file domainname.crt
Note: You must use the alias name of "tomcat"
Update server.xml configuration file:
1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
2. Find the following section:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS"
keystoreFile="tomcat.kdb"
keystorePass="password"/>
3. If you want Tomcat to use the default SSL port, change all
instances of the port number 8443 to 443.
4. Add the keystoreFile and keystorePass directives to correspond
with the keystore file and password that you are using.
5. Start or restart Tomcat using the appropriate startup script
(startup.sh for unix/linux or startup.bat for windows)
| 
