Tomcat Keystore

Posted : admin On 1/25/2022

Here are step-by-step instructions to install an SSL certificate on an Apache Tomcat server.


Hi All, I have to encrypt the keystore password in server.xml. For decrypting, I have inherited the class Http11Nio2ProtocolHttp11Nio2ProtocolDecryptProp extends Http11Nio2Protocol and decrypted in the overridden setKeyStorePass method, then set that to the endpoint keystorePass and the super class setKeyStorePass. I could see the encryption happened successfully.

Tomcat is the actual alias of your keystore. The alias for your end-entity certificate should be the same as the one you used when creating the keystore with the private key. If you did not specify the alias during the keystore creation, the default value will be mykey.

Released 19 years ago, Apache Tomcat server is one of the most popular choices when it comes to open-source servers. Among all Java application servers, Tomcat occupies a staggering 63.9% of the market share. But we’re not here to sing the praises of Tomcat, are we? So, let’s get to the SSL certificate installation process in Tomcat without wasting much time.


Before you begin…


You must make sure that the certificate files that you received from your certificate provider are stored in the same server directory as the keystore you created at the time of CSR generation.

If you’ve taken care of this requirement, you’re good to go.

Here’s how to install SSL in Tomcat

Step 1: Root Certificate Installation

First and foremost, you’ll need to install your root certificate file on your server. Run the following command to do it:

keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key

Now, you’ll receive a message that says “Certificate already exists in system-wide CA keystore under alias <…> Do you still want to add it to your own keystore? [no]:”. Choose Yes. If the installation was successful, a “Certificate was added to keystore” message will be displayed on your screen.

Step 2: Intermediate Certificate Installation

Depending on your CA, you may or may not need to do this step. That’s because not every CA provides an intermediate certificate. You only need to install an intermediate certificate if you have received one. Run the following command to do so:

keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key

A “Certificate was added to keystore” message will be displayed if this went well.

Step 3: Primary Certificate Installation

Type in the following command to install the primary certificate:


keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key

Once done successfully, you should see a “Certificate reply was installed in keystore” message on your screen.

Step 4: SSL Connector Configuration

Once all these steps are done successfully, you’ll need to configure your SSL connector. Without this, an SSL/TLS connection cannot be established. So, keep a close eye on this part.

The things you’ll need to do are to change the file location and password.

  • First, copy your keystore file to the home directory

Note: On Unix and Linux systems, the home directory would be /home/user_name/ while it would be Settings\user_name on Microsoft Windows systems.

  • Open ${CATALINA_HOME}/conf/server.xml file in a text editor (e.g. Notepad)
  • You’ll need to uncomment the SSL Connector Configuration
  • Verify that the Connector Port is 443. If not, change it to 443.
  • Finally, check that the keystorePass matches the keystore password. Also, confirm that the keystoreFile contains the path and file name of the keystore.

All done? The connector will look like:

<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
  <!-- keystoreFile and keystorePass must match the path and password of your keystore -->
  <Factory className="" clientAuth="false" protocol="TLS" keystoreFile="/working/mykeystore" keystorePass="password"/>
</Connector>

  • Save the changes to server.xml file
  • Restart your Tomcat server


If everything went smoothly, your Tomcat server should now have an SSL/TLS certificate as your gatekeeper.
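The Step 4 checks (port, keystoreFile, keystorePass) can be automated before restarting Tomcat. The following is an added example, not part of the original page: it audits the HTTPS connectors in a server.xml and, going slightly beyond the page, also reads the keystore attributes when they sit directly on the Connector or on a nested Certificate element (certificateKeystoreFile, certificateKeystorePassword). The function names and the weak-password list are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Passwords that should never protect a production keystore: the value used in
# the page's example and Tomcat's documented default (assumed list).
WEAK_PASSWORDS = {"", "password", "changeit"}
FILE_ATTRS = ("keystoreFile", "certificateKeystoreFile")
PASS_ATTRS = ("keystorePass", "certificateKeystorePassword")


def first_attr(connector, names):
    """Return the first matching attribute on the Connector or any child element."""
    for element in connector.iter():
        for name in names:
            if name in element.attrib:
                return element.attrib[name]
    return None


def audit_server_xml(xml_text, expected_port="443", exists=lambda p: Path(p).is_file()):
    """Return a list of (port, check, detail) findings for HTTPS connectors."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        # Typographic quotes pasted from a web page end up here.
        return [(None, "parse", f"server.xml is not well-formed: {err}")]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("SSLEnabled") != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port")
        if port != expected_port:
            findings.append((port, "port", f"expected {expected_port}"))
        keystore = first_attr(conn, FILE_ATTRS)
        if keystore is None or not exists(keystore):
            findings.append((port, "keystoreFile", f"not found: {keystore}"))
        password = first_attr(conn, PASS_ATTRS)
        if password is None or password in WEAK_PASSWORDS:
            findings.append((port, "keystorePass", "missing or weak/default password"))
    return findings


# Constructed sample: the connector from the page, with straight quotes.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true">
    <Factory clientAuth="false" protocol="TLS"
             keystoreFile="/working/mykeystore" keystorePass="password"/>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

Because keystorePass is stored in clear text, server.xml itself should be readable only by the account that runs Tomcat.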



It might be necessary to remove a certificate, e.g. if it was added by accident, from a keystore. To do so, follow these instructions:

  • Make a working copy of your keystore, on which the modifications will be made.
  • Identify the alias of the wrong certificate using the following command:
  • Delete the alias of the wrong certificate:
  • Replace your server's keystore with your copy.


Last edited on 07/24/2020 09:15:12


© TBS INTERNET, all rights reserved. All reproduction, copy or mirroring prohibited.