Install a GeoTrust certificate in Tomcat Server

Solution ID:    SO15323    Updated:    05/23/2017

Solution

Follow the instructions below to install the certificate on a Tomcat Server

Step 1: Download the GeoTrust certificate in PKCS#7 format 

  1. Download a PKCS #7 certificate file format through GeoTrust

Step 2: Install the SSL certificate

  • Tomcat keeps its configuration information in the server.xml file. Configure Tomcat to reference the correct keystore and keystore password, refer to this solution.
  1. Import the SSL certificate into the Java keystore using the following keytool command:
     
    keytool -import -alias your_alias_name -trustcacerts -file certificate.p7b  -keystore [keystorename]


Alternate Installation Instructions with X509 format.

  1. Follow Step 1 by downloading an X.509 certificate file format.
  2. Download the intermediate certificate.
  3. Select the Intermediate CAs link based on your certificate product type.  Once you have the SSL certificate and Intermediate CA certificate files, begin the import process. 
    Note: It is imperative the installation of Intermediate CA and SSL certificate on the keystore is followed below.
  4. Import the Intermediate CA certificate (e.g., use alias: intermediateCA)
     
    keytool -import -alias intermediateCA -trustcacerts -file intermediate_file_name  -keystore [keystorename]

  5. Import the SSL certificate (Use the same alias name based on the created keystore and submitted CSR from GeoTrust)
     
    keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name -keystore [keystorename]

 

Step 3: Configure Tomcat server

  • Tomcat keeps its configuration information in the server.xml file. Configure Tomcat to reference the correct keystore and keystore password, refer to this solution.


Step 4:  Verify certificate installation


Note: Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.

For additional trouble shooting steps regarding "keytool error: java.lang.Exception: Input not an X.509 certificate".

Disclaimer:

Geotrust has made efforts to ensure the accuracy and completeness of the information in this document. However, Geotrust makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Geotrust assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, Geotrust assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.

Contact Support

Find Answers


Search Tips