This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.
Step 1: Download and Install Symantec CA Certificates:
- Go to: Symantec Intermediate CA Certificates page.
- Select the CA certificates based on your SSL certificate product
NOTE: To check which certificate you have purchased, follow the steps from this link: SO22021
- Copy and save the Intermediate CA contents into a text file as inter.cer.
NOTE: Use a text editor such as Notepad or Vi.
- Use the following command to import the inter.cer into the keystore:
keytool -import -trustcacerts -alias Intermediate -keystore your_keystore_filename -file inter.cer
Step 2: Install the SSL Certificate
- Symantec will send the SSL Certificate via e-mail. If the certificate is an attachment (Cert.cer), you can use the file
or if the certificate is in the body of the email, copy and paste it into a text file using Vi or Notepad.
NOTE: To download the certificate from Managed PKI for SSL subscriber services page by following the steps from this link: SO6621
Ensure that the X.509 format has been selected and copy only the End Entity Certificate.
The text file should look like:
- Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line
breaks or additional characters have been inadvertently added.
- To follow the naming convention for Tomcat, rename the certificate filename with the .cer extension. For example: ssl_cert.cer
Enter the following command to import your SSL Certificate:
keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename
NOTE: The alias name in this command must be the same as the alias name used during the generation of the private key and CSR.
Step 3: Confirm the contents of the keystore
- Enter the following command to list the contents of the keystore:
keytool -list -v -keystore your_keystore_filename >output_filename
View the contents of the output file.
- Verify the following information:
The SSL certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry. If not, please import the certificate into the Private Key alias.
Step 4: Configure Tomcat server
Once the certificates are imported into the keystore, configure your server.xml to enable SSL: SO5306