Home » SSL & Security » nsProtectâ„¢ Secure SSL » nsProtectâ„¢ Secure SSL Topics » Installing SSL Certificate Topics » Installation of an EV SSL Certificate for Tomcat/Apache
Search Support
contact us

Let Us Make it Easy for You. Call 1-877-898-3290 for MyTime Support™. Learn More

Installing SSL Certificate Topics

Article Rating: 1 / 5 Votes: 11

Installation of an EV SSL Certificate for Tomcat/Apache

Installation of an EV SSL Certificate for Tomcat/Apache

 

Step One

 

You will receive 5 files in a zip file from Network Solutions.
These must be imported in the correct order:

AddTrustExternalCARoot.crt
UTNAddTrustServer_CA.crt
NetworkSolutionsUTNServerCA.crt
NetworkSolutionsEVSSLCA.crt
"DOMAINNAME.COM".crt (where "DOMAINNAME.COM" is your domain)

In the following example please replace the example keystore name 'domain.key' with your keystore name.

Use the keytool command to import the root certificate file with an alias as follows:

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore domain.key

Use the same process for the UTNAddTrustServer_CA.crt  file, the NetworkSolutionsUTNServerCA.crt  file, and the NetworkSolutionsEVSSLCA.crt  file using the keytool commands:

keytool -import -trustcacerts -alias INTER1 -file UTNAddTrustServer_CA.crt -keystore domain.key

keytool -import -trustcacerts -alias INTER2 -file NetworkSolutionsUTNServerCA.crt -keystore domain.key

keytool -import -trustcacerts -alias INTER3 -file NetworkSolutionsEVSSLCA.crt -keystore domain.key

Use the same process for the site domain certificate using the keytool command. If you are using an alias then please include the alias command in the string. Example:
keytool -import -trustcacerts -alias "yyy" -file "DOMAINNAME.COM".crt -keystore domain.key

(where "yyy" is the alias specified during CSR creation and"DOMAINNAME.COM" is your domain)

 

Step Two

 

Tomcat will first need a SSL Connector configured before it can accept secure connections.

Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password 'changeit'. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. -- It is possible to change the filename, password, and even location that Tomcat looks for the keystore. If you need to do this, pay special attention to #8 of Option 1 or #5 of Option 2 below.

Option 1 -- Add an SSL Connector using admintool:

 

1.       Start Tomcat

2.       Enter 'http://localhost:8080/admin' in a local browser to start admintool

3.       Type a username and password with administrator rights

4.       On the left select 'Service' (Java Web Services Developer Pack)

5.       Select 'Create New Connector' from the drop-down list on the right

6.       Choose 'HTTPS' in the 'Type' field

7.       In the 'Port' field, enter '443'. This defines the TCP/IP port number on which Tomcat will listen for secure connections

8.       Enter the Keystore Name and Keystore Password if (a.) your keystore is named something other than .keystore, (b.) if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if (c.) the password is something other than the default value of 'changeit'. If you have used the default values, you can leave these fields blank.

9.       Select 'Save' to save the new Connector

10.    Select 'Commit Changes' to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started


Option 2 -- Configure the SSL Connector in server.xml:

 

1.       Copy your keystore file (your_domain.key) to the home directory (see the Note above)

2.       Open the file Home_Directory/conf/server.xml in a text editor

3.       Uncomment the 'SSL Connector' Configuration

4.       Make sure that the 'Connector Port' is 443

5.       If your keystore filename is something other than the default file name (.keystore) and/or your keystore password is something other than default ('changeit') then you will need to specify the correct keystore filename and/or password in your connector configuration -- ex. keypass="newpassword". When you are done your connector should look something like this:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/user_name/your_domain.key" keypass="your_keystore_password"/>

6.       Save the changes to server.xml

7.       Restart Tomcat