Follow the instructions below to install the certificate on a Tomcat server.
Step 1: Download your Thawte certificate in PKCS#7 format
- You will receive an email when your certificate is issued.
- Retail Clients: Download your certificate in PKCS#7 format.
- Reseller Clients: Download your certificate in PKCS#7 format.
- Copy and paste your Thawte certificate into Notepad and save it as cert.p7b
Step 2: Install your certificate and restart
- Import the Certificate into the Java keystore using the following keytool command:
keytool -import -alias tomcat -trustcacerts -file cert.p7b -keystore [keystorename]
Alternate installation instructions, if the command above fails with "keytool error: certificatesexception: Input not an X.509 certificate":
- Repeat Step 1, but download the certificate in X.509 format.
- Download both the Primary and Secondary Intermediate certificates as separate files.
- Select the Intermediate CAs link based on your certificate product type. Once you have the SSL certificate, Primary and Secondary Intermediate CA certificate files, begin the import process.
Note: It is imperative that the Primary Intermediate CA, Secondary Intermediate CA and SSL certificate are installed into the keystore in the order given below.
- Import the Primary Intermediate certificate (e.g., use alias: PrimaryIntCA)
keytool -import -alias primary -trustcacerts -file primary_intermediate_file_name -keystore [keystorename]
- Import the Secondary Intermediate certificate (e.g., use alias: SecondaryIntCA)
keytool -import -alias secondary -trustcacerts -file secondary_intermediate_file_name -keystore [keystorename]
- Import the SSL certificate (use the same alias name that was used to create the keystore and the CSR submitted to Thawte)
keytool -import -alias [your_alias_name] -trustcacerts -file X.509_file_name -keystore [keystorename]
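A check worth running once the imports above finish, as an added example that is not part of Thawte's instructions: it reads `keytool -list -v` output and confirms that the SSL certificate landed on the private-key alias with the intermediates chained to it. The function name `check_chain`, the minimum chain length of 3 (SSL certificate plus two intermediates) and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Thawte's or Tomcat's code.
# Real use, with the page's placeholders:
#   keytool -list -v -keystore [keystorename] | check_chain [your_alias_name] 3

# check_chain ALIAS MIN_LEN: reads `keytool -list -v` output on stdin and
# prints one of: ok | missing | not-private-key | short-chain:N
check_chain() {
  awk -v want="$1" -v min="$2" '
    { sub(/\r$/, "") }                         # tolerate CRLF line endings
    /^Alias name: / { cur = tolower(substr($0, 13)); next }
    cur != tolower(want) { next }              # ignore other entries
    /^Entry type: / { type = $3 }
    /^Certificate chain length: / { len = $4 + 0 }
    END {
      if (type == "") print "missing"
      else if (type != "PrivateKeyEntry") print "not-private-key"
      else if (len + 0 < min + 0) print "short-chain:" (len + 0)
      else print "ok"
    }'
}

# Constructed listing: certificate installed on the key alias with both intermediates.
sample_good() { cat <<'EOF'
Alias name: tomcat
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com
EOF
}

# Constructed listing: certificate imported under a new alias ("mycert"),
# so the key alias still holds only its original self-signed certificate.
sample_bad() { cat <<'EOF'
Alias name: mycert
Creation date: Jan 1, 2020
Entry type: trustedCertEntry

Owner: CN=www.example.com
Alias name: tomcat
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com
EOF
}
```

A result of `not-private-key` or `short-chain:1` means the SSL certificate was not installed on the alias that holds the private key, which is why the alias in the last import must match the one used for the keystore and CSR.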
Note: Tomcat keeps its configuration information in the server.xml file. Configure Tomcat to reference the correct keystore and keystore password.
Tomcat runs SSL over port 8443. Make sure that this port is enabled on the Tomcat server and any firewalls/proxies this server may lie behind.