Alert ID : INFO1953

Last Modified : 05/03/2018

Managed PKI for SSL - Installation Instructions for Tomcat using PKCS#7 format


This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Tomcat.
Step 1:  Download the SSL Certificate
  1. Download the certificate from the Managed PKI for SSL subscriber services page by following the steps from this link.
    NOTE: Ensure that the PKCS#7 format has been selected when downloading the certificate.
  2. Make sure there are 5 dashes to either side of the BEGIN PKCS#7 and END PKCS#7 and that no white spaces, extra line breaks or additional characters have been inadvertently added. 
  3. To follow the naming convention for Tomcat, rename the certificate file so that it has the .p7b extension. For example: ssl_cert.p7b

    NOTE: If you want to install the Certificate sent from Symantec via e-mail, follow the installation instructions from this link.
Step 2: Import the SSL Certificate into the Keystore
  1. Enter the following command to import your SSL Certificate:

    keytool -import -alias your_alias_name -trustcacerts -file ssl_cert.p7b -keystore your_keystore_filename

    NOTE: The alias name and Keystore name in this command must be the same as the alias name and Keystore name used during the generation of the private key and CSR.

    NOTE: During the import you might get the following error: "java.lang.Exception: Input not an X.509 certificate". To troubleshoot the error, refer to the steps from this solution.

Step 3: Confirm the Contents of the Keystore

  1. Enter the following command to list the contents of the keystore:

    keytool -list -v -keystore your_keystore_filename > output_filename

  2. View the contents of the output file. 

  3. Verify the following information:

    The SSL certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry.  If not, please import the certificate into the Private Key alias.
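
One way to automate the Step 3 check, as an added example that is not part of Symantec's instructions: the script reads the file produced by the keytool -list -v command and reports whether a given alias holds a PrivateKeyEntry or KeyEntry. It assumes English-locale keytool output; the function names, the aliases and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which entry type an alias holds in saved
# `keytool -list -v` output (Step 3). Names below are placeholders.

# Constructed, abridged sample listing (not real keystore data).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Your keystore contains 2 entries

Alias name: tomcat
Creation date: May 3, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 3

Alias name: wrong_alias
Creation date: May 3, 2018
Entry type: trustedCertEntry
EOF
}

# Print the "Entry type" value recorded for alias $2 in listing file $1.
entry_type_for_alias() {
    awk -v want="$2" '
        /^Alias name: / {
            name = substr($0, 13); sub(/[ \t\r]+$/, "", name)
            # JKS keystores store aliases in lower case, so ignore case.
            in_alias = (tolower(name) == tolower(want)); next
        }
        in_alias && /^Entry type: / {
            etype = substr($0, 13); sub(/[ \t\r]+$/, "", etype)
            print etype; exit
        }' "$1"
}

# Return 0 for a private-key entry, 1 for any other type, 2 if absent.
check_keystore_alias() {
    etype=$(entry_type_for_alias "$1" "$2")
    case "$etype" in
        PrivateKeyEntry|KeyEntry) echo "OK: alias '$2' is $etype" ;;
        "") echo "FAIL: alias '$2' not found in $1" >&2; return 2 ;;
        *)  echo "FAIL: alias '$2' is $etype, not a private key entry" >&2
            return 1 ;;
    esac
}

# Usage: sh check_keystore.sh output_filename your_alias_name
if [ "$#" -eq 2 ]; then check_keystore_alias "$1" "$2"; fi
```

A result of trustedCertEntry for the alias means the certificate was stored as a standalone trusted certificate instead of being attached to the private key generated with the CSR.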
Step 4: Configure Tomcat server
    Once the certificates are imported into the keystore, configure your server.xml to enable SSL.

Tomcat Support
    For more information, see the Tomcat Web site.