Ask a Question

Advanced Search

Solution ID : SO16221

Last Modified : 04/26/2019

Installing a PKCS#7 version of an SSL certificate in Tomcat


The steps below are for installing a PKCS#7 (.P7B, .P7S) formatted certificate into a keystore.  If you have a X.509 (.CER, .CRT) please click here for X.509 installation documentation.

Step 1: Download the server certificate:

  1. Download the certificate as PKCS#7

Step 2: Importing the certificate into the keystore:

  1. Execute the command below to import the PKCS#7 certificate.  This command will import the server certificate and the intermediate ca certificate as both are contained within a PKCS#7 formatted certificate.

    keytool -import -alias [keyAlias] -trustcacerts -file [certificate.p7b] -keystore [keystore.kdb]

    Note: When executing the command to import the SSL certificate, the alias of the private key used to genreate the CSR must be used.  Depending on the version of Java used, this alias should be listed with the type keyAlias or privateKeyAlias.  To review the keystore contents, execute the command below.

    keytool -list -v -keystore [keystore_file.kdb]

    If the installation is successful you will see "Certificate reply was installed in keystore".  If the import failed, please search for the error in our Knowledge Base.

Step 3: Configure the Tomcat server:

  1. Locate the tomcat configuration file (example Server.xml), the configuration file name can be different depending on your Tomcat version or distribution. The configuration file will need to be updated to reference your keystore file and password.
  2. Open the Server.xml file in a text editor (such as VI or Notepad)
  3. Find the following section of code in the file (try searching for SSL Connector) and remove the comment tags, if included, that are around the connector entry (highlighted in red).

    <-- SSL Connector on Port 8443 -->
          port="8443" minProcessors="5"
          connectionTimeout="60000" debug="0"
           scheme="https" secure="true">
                 clientAuth="false" protocol="TLS"
                 keystoreFile="insert path to the keystore here">
                 keystorePass="insert keystore password here">

  4. Update the keystoreFile value to the path and file of the keystore.
  5. Update the keystorePass value to the keystore password.
  6. Save the Server.xml file
  7. Start Tomcat

Note: By default Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.

Verify the installation of the RapidSSL certificate using the Checker.