Installing SSL Certificate on Tomcat


You can find instructions for installing an SSL certificate on a Tomcat web server below.

Before You Start

Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions on how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

  1. Convert Certificate Files

    First and foremost, you will need to convert your certificate.crt and ca_bundle.crt files from PEM (.crt) to PKCS#7 (.p7b). This can be done easily by using the OpenSSL command below:

    openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b -certfile ca_bundle.crt
  2. Upload Certificate Files to Server

    Upload your converted certificate files (certificate.p7b and ca_bundle.p7b) as well as your private.key file to your server in a directory of your choice.

  3. Run Install Command

    Next, you will need to run the following command in order to install your certificate:

    keytool -import -trustcacerts -alias server -file your_file_name.p7b -keystore your_domain_name.jks

    If your installation was successful, you should receive the following message: "Certificate reply was installed in keystore.". If you are prompted to confirm whether or not this certificate should be trusted, enter "Y" or "Yes" in order to confirm.

  4. Configure SSL Connector

    Next, you will need to configure an SSL connector on your server, which will allow the server to accept secure connections via HTTPS. Locate and open the .xml configuration file, which is typically stored in the conf folder of your server's home directory.

    Enter the keystore filename and password, as seen in the example below:

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"  minSpareThreads="25" maxSpareThreads="75"  enableLookups="false" disableUploadTimeout="true"  acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server"  keystoreFile="/home/user_name/your_domain_name.jks"  keystorePass="your_keystore_password"
  5. Restart Tomcat Server

    Finally, restart your Tomcat server in order for your changes to come into effect.

  6. Check Installation

    You have completed all required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g.


Your site has now been secured using your new SSL certificate!

Was this article helpful?
0 out of 8 found this helpful