Installing SSL Certificate on Tomcat

Installing an SSL certificate on Tomcat involves several steps, including generating or obtaining the certificate, configuring Tomcat to use the certificate, and securing the server. Here's a step-by-step guide for installing an SSL certificate on Tomcat.

Prerequisites

  • To convert your .cer into different file formats, Utilize our eMudhra utility tool to seamlessly transform your files into .cer, .pfx (.p12), .jks, or .pem formats, and conveniently import zip files using our CSR tool."

For details on specific configuration options please refer to the official Tomcat documentation for SSL.

  • Make sure that OpenSSL is installed on the target machine or container along with Java and Tomcat before continuing.

  • Place the three files mentioned above in a directory where Tomcat can read them and set the permissions. In the next steps we'll use the directory /certs - please change the path accordingly.

  • Edit the "server.xml" file.

  • Make sure that it contains a line like this:

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

  • Next adapt the existing SSL listener in the same server.xml file or add a new one - don't forget to change the path accordingly:

 <Connector port="8443" 
protocol="org.apache.coyote.http11.Http11AprProtocol" 
maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig>
          <Certificate certificateKeyFile="/cert/private.key" certificateFile="/cert/certificate.crt" certificateChainFile="/cert/ca_bundle.crt" type="RSA" />
    </SSLHostConfig>
 </Connector>
  • If you want Tomcat to listen on another port than 8443 please change port="8443" to a value that suits you

  • If you don't want to offer Http/2 you can omit the line <UpgradeProtocol .../>

4. Check Installation

You have completed all the required steps to install your SSL certificate. Verify that the SSL certificate is correctly installed by accessing your website or service using HTTPS. After installing your certificate, it is a good practice to test your SSL setup using various online tools to ensure everything is working correctly.

Last updated

© eMudhra. All Rights Reserved.