Alert ID : INFO153

Last Modified : 12/18/2018

Installation Instructions for Tomcat using PKCS#7 format


This document provides instructions for installing SSL certificates on Tomcat using the PKCS#7 formatted certificate.
Step 1:  Download the SSL certificate
  1. Sign in to your Symantec Trust Center account and download the certificate by following the steps from this link:  SO8061
    Note: Ensure that the Apache/Tomcat server platform has been selected when downloading the certificate.
  2. The ZIP file you download contains the SSL and Intermediate CA certificates in a PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the files onto the server where you will install the certificate.
Step 2: Import the SSL certificate into the keystore
  1. At the command prompt, enter:
    keytool -import -alias your_alias_name -trustcacerts -file ssl_certificate.p7b -keystore your_keystore_filename
Note: The alias name and keystore name in this command must be the same as the alias name and keystore name used during the generation of the private key and Certificate Signing Request (CSR).
During the import you might get the following error: "java.lang.Exception: Input not an X.509 certificate." To troubleshoot this error, refer to solution: SO7222

If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.

Step 3: Confirm the contents of the keystore
  1. At the command prompt, enter:

    keytool -list -v -keystore your_keystore_filename >output_filename

    For example:
    keytool -list -v -keystore keystore_name >keystorelist.txt
    Enter keystore password: _
  2. View the contents of the keystore.
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: alias
Creation date: Jul 1, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 3

Verify the following information:

The end entity certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry. If not, please import the certificate into the Private Key alias.

Note: The "Certificate chain length:" line tells you that the keystore successfully established the certificate chain and that your keystore is ready for use.
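
The Step 3 check can be scripted against the saved listing. The following is an added example, not part of the original instructions or any vendor tooling: the function name, the wrong_alias entry in the constructed sample listing, and the default minimum chain length of 2 (end-entity certificate plus at least one intermediate) are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: checks `keytool -list -v` output (Step 3).
# Usage: check_keystore_listing ALIAS FILE [MIN_CHAIN]   (FILE "-" = stdin)
# Exit: 0 ok, 1 alias missing, 2 not a private key entry, 3 chain too short.
check_keystore_listing() {
    want_alias=$1
    listing=$2
    min_chain=${3:-2}   # assumption: end-entity cert plus >= 1 intermediate

    awk -v want="$want_alias" -v min="$min_chain" '
        { sub(/\r$/, "") }                      # tolerate Windows line endings
        /^Alias name: /  { cur = substr($0, 13); if (cur == want) found = 1 }
        cur == want && /^Entry type: /  { type = substr($0, 13) }
        cur == want && /^Certificate chain length: / { chain = substr($0, 27) + 0 }
        END {
            if (!found) { print "FAIL: alias not found: " want; exit 1 }
            if (type != "PrivateKeyEntry" && type != "KeyEntry") {
                print "FAIL: " want " is " type ", not the private key entry"
                exit 2
            }
            if (chain < min) {
                print "FAIL: chain length " chain ", expected >= " min
                exit 3
            }
            print "OK: " want " (" type "), chain length " chain
        }' "$listing"
}

# Constructed sample listing: the first entry mirrors the output shown in
# Step 3; the second is a made-up trustedCertEntry (a certificate imported
# under an alias that holds no private key).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: alias
Creation date: Jul 1, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 3

Alias name: wrong_alias
Creation date: Jul 1, 2016
Entry type: trustedCertEntry
EOF
}

sample_listing | check_keystore_listing alias - || true
```

Against a real keystore, run it on the file produced in Step 3, for example: check_keystore_listing your_alias_name keystorelist.txt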

Step 4: Configure Tomcat server

Once the certificates are imported into the keystore, configure your server.xml to enable SSL. Refer to solution: SO5306

Step 5: Verify certificate installation
Verify your installation with the Symantec Installation Checker.

Tomcat Support
For more information, see the Tomcat Support website.