Phone: (480) 722-1227
Toll Free: (888) 722-1227
Installing Your SSL Certificate on Tomcat
Last Post 11 Jul 2007 05:10 PM by SuperUser Account. 0 Replies.
Printer Friendly
You are not authorized to post a reply.
Author Messages
SuperUser AccountUser is Offline
Basic Member
Basic Member

11 Jul 2007 05:10 PM  
Create the Private Key
Keytool -Genkey -Alias Tomcat -Keyalg RSA -Keystore keystorefile.kdb
Enter Keystore password: Standard Default Used: “Changeit”
Re-enter new password: Standard Default Used: “Changeit”

Create the CSR file
Keytool -Certreq -Keystore keystorefile.kdb -Alias Tomcat -file certreq.txt
Enter Keystore password:

A file will now be created in the Bin folder called certreq.txt, copy the whole contents of this file and submit it at the CA website in order to retrieve the certificate.

X.509 error
How to install the cert. double click it. Then click install cert. Once that is done open Internet option > Content tab. When you did the import you specified were the cert would be put. Find the cert. then export it. Now I can run the Keytool -import -Trustcacerts -file rootcertfile.cer -Keystore keystorefile.kdb and I no longer get that error.

1. Goto
2. Download - Equifax Secure Global eBusiness CA-1 (Base-64 encoded X.509)

Importing the Root Certificate
Keytool -import -trustcacerts -file rootcertfile.cer -Keystore keystorefile.kdb

You will have to set specific paths
Example: keytool -import -trustcacerts -file c:\rootcertfile.cer -keystore c:\keystorefile.kdb

You will be prompted for the password you used when created the CSR request. Standard Default Used: “Changeit”

Importing the SSL Certificate
keytool -import -Alias Tomcat -file sslcertfile.cer -Keystore keystorefile.kdb

If successful it will display: 'Certificate reply was installed in keystore'

Edit the SERVER.XML file

Open server.xml in notepad

Add the following lines:

Good information Reissue process:
After generating the CSR from the server use the below URL to start the update process:
Fill in the three fields to login. On the next screen click on 'redeem' and then click on submit and continue.
You will receive an email which will include a web link to update the current CSR, click on this link and you will be directed to the page where you will paste the CSR.
Shortly afterwards you will receive an email to approve the reissue then a new certificate will be sent out which you can now use to install on the server.
You are not authorized to post a reply.

Active Forums 4.2
Vigilant Technologies
Vigilant Technologies is a certified 8(a), Veteran Owned company headquartered in Chandler, Arizona. We provide products, services and enterprise-wide integration of innovative IT solutions to commercial, Federal, State and Local government clients. Our Leading edge services include Private/Hybrid Cloud, Server Consolidation, Visualization implementation, and Infrastructure Management.
Engage with us
Copyright 2006 - 2013 Vigilant Support   |  Privacy Statement  |  Terms Of Use