



Install a Tomcat certificate

PREAMBLE: the following instructions apply only to Tomcat installations that have been compiled with JSSE. Recent versions of Tomcat may use the Apache APR library instead; in that case, follow the instructions for Apache (Install an Apache certificate). To find out whether you are using APR, search for the "TOMCAT/bin/tcnative-1.dll" DLL under Windows, or for the "libtcnative-1.so.0.1.12" library under Linux and "libapr-1.so.0.3.3" in "TOMCAT/native/lib". If they are present, APR is available.

1- Retrieve your certificate on your server

Download the overall file (.p7b) indicated in the delivery mail and save it on your desktop.

2- Import the certificate

To install your certificate in your Keystore:
  1. Use the same machine (and the same directory) you used to request your certificate.
  2. Import the certificate:
    keytool -import -trustcacerts -alias [alias-name] -file [p7-0000000000-0000.p7b] -keystore [keystorename]
    
    IMPORTANT: Provide the same alias name you used in your certificate request, and use the same keystore name as well.

3- Activate SSL

Edit the server.xml file of your server. Locate the commented section of the file and complete it as shown below:

With Tomcat 4

<Connector
     className="org.apache.coyote.tomcat4.CoyoteConnector"
     port="8443" minProcessors="5"
     maxProcessors="75"
     enableLookups="false"
     acceptCount="10"
     connectionTimeout="60000" debug="0"
     scheme="https" secure="true">
   <Factory
     className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
     clientAuth="false" protocol="TLS"
     keystoreFile="FULL-PATH+KEYSTORENAME"
     keystorePass="KEYSTORE-PASSWORD" />
</Connector>

With Tomcat 5

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true" disableUploadTimeout="true"
          acceptCount="100" debug="0" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
          keystoreFile="FULL-PATH+KEYSTORENAME"
          keystorePass="KEYSTORE-PASSWORD" />

With Tomcat 6

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true" disableUploadTimeout="true" 
          acceptCount="100"  maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="FULL-PATH+KEYSTORENAME"
          keystorePass="KEYSTORE-PASSWORD" />

4- Run a test

Check access to your website's secured pages with IE 6 and Firefox.
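
An added check for step 2 (not part of the original instructions): Tomcat can only use the certificate if it was imported onto the alias that already holds the private key; under any other alias keytool stores it as a trusted certificate with no key. The script below classifies an alias from `keytool -list` output; the sample listings, the alias names tomcat and newcert, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list` output on stdin and prints the entry
# type held by alias $1: private-key | trusted-cert | other | missing
entry_type_for_alias() {
    awk -v alias="$1" '
        BEGIN { result = "missing"; want = tolower(alias) }
        # Entry lines look like "<alias>, <date>, <EntryType>,". The date can
        # contain a comma, so field 1 is the alias and the last non-empty
        # field is the type. JKS aliases are case-insensitive.
        /,/ {
            n = split($0, f, ",")
            name = f[1]; gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (tolower(name) != want) next
            type = ""
            for (i = n; i > 1 && type == ""; i--) {
                type = f[i]; gsub(/^[ \t]+|[ \t]+$/, "", type)
            }
            # Older JDKs print keyEntry instead of PrivateKeyEntry.
            if (type == "PrivateKeyEntry" || type == "keyEntry") result = "private-key"
            else if (type == "trustedCertEntry") result = "trusted-cert"
            else result = "other"
        }
        END { print result }'
}
# Succeeds only when the alias holds the private key Tomcat needs.
check_import() {
    kind=$(entry_type_for_alias "$1")
    case "$kind" in
        private-key)  echo "OK: '$1' is a private key entry"; return 0 ;;
        trusted-cert) echo "FAIL: '$1' is only a trusted certificate (no private key)"; return 1 ;;
        *)            echo "FAIL: '$1' is $kind in this keystore"; return 1 ;;
    esac
}
# Constructed sample listings (fingerprints are placeholders, not real values).
sample_same_alias() { cat <<'EOF'
Your keystore contains 1 entry
tomcat, Jan 12, 2011, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}
sample_other_alias() { cat <<'EOF'
Your keystore contains 2 entries
tomcat, Jan 10, 2011, PrivateKeyEntry,
newcert, Jan 12, 2011, trustedCertEntry,
EOF
}
# Real use: keytool -list -keystore [keystorename] | check_import [alias-name]
sample_same_alias | check_import tomcat
sample_other_alias | check_import newcert || true
```

A private key entry alone does not prove the CA reply was installed; `keytool -list -v` also shows the certificate chain length and issuer for the alias.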

Last edited on 01/12/2011 13:58:23