Tomcat SSL: SSL Certificates for Tomcat Servers

Apache Tomcat servers are widely used to host websites and execute Java servlets. They’re application servers, and one of the most popular server-types our customers use. Unfortunately, sometimes Tomcat servers don’t play nicely with SSL — at least, this is the case if you’re not sure what you’re doing. That’s why we’ve written a Tomcat SSL guide that discusses SSL certificates for Tomcat Servers.

Types of SSL Certificates That Work on Tomcat Servers

Tomcat servers are compatible with most types of SSL certificate, including:

• Single domain — You can secure both WWW- and non-WWW versions of a website.
• Multi domain — You can secure up to 250 different domains on a single SSL certificate.
• Wildcard — You can secure a single domain and all of its first-level sub-domains.
• Extended validation (EV) — This is the highest level of validation available; it displays verified organizations details and the green address bar in select browsers.

And guess what? We sell all of these certificates at the internet’s lowest prices. So, if you need SSL certificates for Tomcat servers, you’ve come to the right place.

	PositiveSSL (Single Domain) Certificate	Comodo SSL Certificate	PositiveSSL Wildcard Certificate	Comodo Multi Domain SSL
	DV	DV	DV	OV
Coverage	WWW- and non-WWW domain	WWW- and non-WWW domain	Main domain + unlimited subdomains (on one level)	Single domain + 4 SANs (up to a total of 250 SANs optional)
Issuance	Within minutes	Within minutes	Within minutes	1-3 business days
SSL Encryption	Up to 256 bits	Up to 256 bits	Up to 256 bits	Up to 256 bits
Key Strength	2080 bits	2080 bits	2080 bits	2080 bits
Server License	Unlimited	Unlimited	Unlimited	Unlimited
SSL Site Seal	PositiveSSL Static Site Seal	Comodo Secure Static Site Seal	PositiveSSL Static Site Seal	Comodo Secure Static Site Seal
Warranty	$50,000	$250,000	$50,000	$250,000
Refund	30-day money back guarantee	30-day money back guarantee	30-day money back guarantee	30-day money back guarantee
Price	$7.02 per year	$48.61 per year	$69.78 per year	$116.82 per year
Purchase	[Shop Certificates]	[Shop Certificates]	[Shop Certificates]	[Shop Certificates]

Tomcat SSL: SSL Certificates and Your Tomcat Server

Tomcat uses something called the “keytool” to help facilitate digital certificate issuance and installation. It can be a bit tricky, which is why we’ve gone ahead and included step-by-step directions on how to generate your CSR on the Tomcat server.

Before we get started, we highly recommend that you create a new Keystore for your installation. Trying to install a new certificate in an old Keystore can lead to browser errors. Just play it safe and create a new one.

Creating a New Keystore

1. Navigate to the directory where you plan to locate the new keystore.
2. Enter the following command:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks

3. When prompted, create a password for your new Keystore.
4. Enter the required information (Note: Do not type your own name into the name field, type your FQDN).
5. When finished, verify your information by typing “Y” or “Yes.” (Minus the period at the end.)
6. Finally, enter the password you just created in step three.

Boom, finished. Next up…

Creating a CSR on Tomcat Servers

1. Run the following command:

keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks

2. Once prompted, enter the password you created in step three of the Keystore instructions
3. Use the information you supplied when creating the keystore. The CSR will be generated and saved in the chosen directory as “CSR.txt.”

We recommend saving and backing up the keystore file once you’ve complete generating the CSR. Once you’ve got the CSR complete, choose the SSL certificate you’d like to install on your Tomcat server and then purchase it, copy/pasting the CSR (open the .txt file) into the relevant field (usually the one labelled CSR).

Once the purchase and validation are complete, the CA will email you a bundle that includes your SSL certificate and an intermediate certificate that needs to be installed with it.

How to Install an SSL Certificate on Your Tomcat Server

1. Save your certificate(s) to the Keystore directory you created.
2. Use the following command to import the keystore:

keytool -import -alias server -file your_site_name.p7b -keystore your_site_name.jks

3. You should see a confirmation message that says: “Certificate reply was installed in keystore.”
4. Type “Y” or “Yes” to trust the certificate.

Now, finally, we just need to configure the Tomcat server to serve the website via HTTPS.

Configuring Your SSL/TLS Connector

1. Using a text editor, open your Tomcat server.xml file.
2. Locate the connector you want to secure with your new keystore.
3. Configure the connector to use port 443 (HTTPS), your configuration file should look something like this:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="server"
           keystoreFile="/home/user_name/your_site_name.jks"
           keystorePass="your_keystore_password" />

4. Save the changes to your server.xml file.
5. Restart your Tomcat server.

That’s it! You’re done.

Let Us Handle It for You!

Of course, if installing your Tomcat SSL certificate yourself seems like more trouble than you’d care to undertake — let us do it for you! We’ve got plenty of experience working with SSL certificates for Tomcat servers. Suffice to say, this ain’t our first rodeo. So, feel free to contact us about our installation service, which is performed by our accredited SSL specialists, all of whom are kind, friendly, and have great phone voices. So please, feel free to give us a call.