Alert ID : INFO124

Last Modified : 05/17/2018

Managed PKI for SSL - Installation Instructions for Tomcat using X.509 format


This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.
Step 1: Download and Install Symantec CA Certificates:
  1. Go to: Symantec Intermediate CA Certificates page.
  2. Select the CA certificates based on your SSL certificate product.
    NOTE: To check which certificate you have purchased, follow the steps from this link: SO22021 
  3. Copy and save the Intermediate CA contents into a text file as inter.cer.
    NOTE: Use a text editor such as Notepad or Vi. 
  4. Use the following command to import the inter.cer into the keystore:

    keytool -import -trustcacerts -alias Intermediate -keystore your_keystore_filename -file inter.cer 
Step 2: Install the SSL Certificate
  1. Symantec will send the SSL Certificate via e-mail. If the certificate is an attachment (Cert.cer), you can use the file.
    If the certificate is in the body of the email, copy and paste it into a text file using Vi or Notepad.

    NOTE: To download the certificate from the Managed PKI for SSL subscriber services page, follow the steps from this link: SO6621
    Ensure that the X.509 format has been selected and copy only the End Entity Certificate.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
    [encoded data]
    -----END CERTIFICATE-----
  2. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line
    breaks or additional characters have been inadvertently added. 
  3. To follow the naming convention for Tomcat, rename the certificate filename with the .cer extension. For example: ssl_cert.cer

    Enter the following command to import your SSL Certificate:

    keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename -file your_certificate_filename

    For Example:

    NOTE: The alias name in this command must be the same as the alias name used during the generation of the private key and CSR.
Step 3: Confirm the contents of the keystore
  1. Enter the following command to list the contents of the keystore:

    keytool -list -v -keystore your_keystore_filename > output_filename

    For Example:

  2. View the contents of the output file.
  3. Verify the following information:

    The SSL certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry. If not, please import the certificate into the Private Key alias.
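
One way to automate the Step 3 check, as an added example that is not part of the original Symantec instructions: the script reads the file written by keytool -list -v and reports whether a given alias is a private key entry. The function names, the aliases tomcat and ssl_cert, and the abridged listing are constructed for illustration.

```shell
# Added example: hypothetical helpers for checking the output file of
#   keytool -list -v -keystore your_keystore_filename > output_filename

# entry_type FILE ALIAS: print the "Entry type" listed for ALIAS.
# Aliases are compared case-insensitively; a trailing CR is tolerated.
entry_type() {
    awk -v want="$2" '
        { sub(/\r$/, "") }
        /^Alias name: / { alias = substr($0, 13); next }
        /^Entry type: / && tolower(alias) == tolower(want) {
            print substr($0, 13); exit
        }' "$1"
}

# check_key_alias FILE ALIAS: succeed only if ALIAS is a private key entry.
check_key_alias() {
    etype=$(entry_type "$1" "$2")
    case "$etype" in
        PrivateKeyEntry|KeyEntry|keyEntry)
            echo "OK: $2 is $etype" ;;
        "") echo "FAIL: alias $2 not found" >&2; return 1 ;;
        *)  echo "FAIL: $2 is $etype, not the private key alias" >&2
            return 1 ;;
    esac
}

# Constructed sample listing (abridged); not output from a real keystore.
make_sample() {
    cat >"$1" <<'EOF'
Your keystore contains 3 entries

Alias name: intermediate
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2

Alias name: ssl_cert
Entry type: trustedCertEntry
EOF
}

sample=$(mktemp) && make_sample "$sample"
check_key_alias "$sample" tomcat            # private key alias: passes
check_key_alias "$sample" ssl_cert || true  # wrong alias used at import
rm -f "$sample"
```

A trustedCertEntry under the alias you passed to keytool -import means the certificate was stored as a standalone trusted certificate instead of being attached to the private key, which is the case the note in Step 2 warns about.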
Step 4: Configure Tomcat server

    Once the certificates are imported into the keystore, configure your server.xml to enable SSL: SO5306

Tomcat Support
    For more information, see the Tomcat Website