SSL 247 are authorised strategic resellers of Verisign,GlobalSign, Geotrust and RapidSSL products

Jakarta-Tomcat

Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate from ssl247.co.uk

Firstly when your issuance email arrives you will have two certificates in the email - your server certificate and a ChainedSSL CA certificate.

Copy the ChainedSSL CA certificate into a text editor such as notepad and save as chain.pem.
Copy your web server certificate into a text editor such as notepad and save as yourdomain.pem.
Copy the root CA certificate found at the bottom of this page into a text editor and save as root.pem.

The following certificate installations must be executed in the stated order.

1. Import the "Root Certificate" using the following command:
   
   $JAVA_HOME/bin/keytool -import -trustcacerts -alias root -keystore /path/to/domainname.kdb -file root.pem
   
   
2. Import the "Root Certificate" using the following command:
   
   $JAVA_HOME/bin/keytool -import -trustcacerts -alias chainedsslca -keystore /path/to/domainname.kdb -file chain.pem
   
   
3. Import the "Server Certificate" using the following command:
   
   $JAVA_HOME/bin/keytool -import -trustcacerts -alias ??? -keystore /path/to/domainname.kdb -file domainname.pem

   Note: Replace ??? with the alias specified when creating the CSR.

A confirmation that the certificate has been added to the keystore will then be presented.

Update server.xml configuration file:

1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
2. Find the following section:
   
   <Connector className="org.apache.catalina.connector.http.HttpConnector"
   port="8443" minProcessors="5" maxProcessors="75"
   enableLookups="true"
   acceptCount="10" debug="0" scheme="https" secure="true">
   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
   clientAuth="false" protocol="TLS"
   keystoreFile="tomcat.kdb"
   keystorePass="password"/>
   
   
3. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
   
   
4. Add the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
   
   
5. Start or restart Tomcat using the appropriate startup script (startup.sh for unix/linux or startup.bat for windows)

---

Root CA Certificate

-----BEGIN CERTIFICATE-----
MIIDwDCCAqigAwIBAgIEAIWUoDANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UE
ChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz
ZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3QtTmV0d29yayBBcHBs
aWNhdGlvbnMwHhcNMDIwNzExMTI0MTE1WhcNMDYwNzI0MTI0MTE1WjCB2zELMAkG
A1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxGDAWBgNVBAcTD1dlbGxl
c2xleSBIaWxsczEYMBYGA1UEChMPd3d3LmZyZWVzc2wuY29tMSYwJAYDVQQLEx1T
ZWUgd3d3LmZyZWVzc2wuY29tL2NwcyAoYykwMjE+MDwGA1UECxM1RG9tYWluIENv
bnRyb2wgVmFsaWRhdGVkIC0gT3JnYW5pemF0aW9uIE5vdCBWYWxpZGF0ZWQxGDAW
BgNVBAMTD3d3dy5mcmVlc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEA4VfTd0Ckf+T/Uj3rKNnbVa3M/LN1gwaOTuYhNFDCLxSkzQcQU4JngSb1ufeQ
VI2aIVQlvA3xeNgzTWZ7EVIFF7l4GyivTeKTXDOH4MMgxfNcq0e04K2FiysmK2vN
YMy9NG6/DQKmRICGxwqWOyJirluk/xp5BgmgYkbn28orxScCAwEAAaNGMEQwEQYJ
YIZIAYb4QgEBBAQDAgZAMA4GA1UdDwEB/wQEAwIE8DAfBgNVHSMEGDAWgBT6hsnb
4LrpePVLqNYV3/DT4WoUPDANBgkqhkiG9w0BAQQFAAOCAQEAVhNsYb9TMBVEWLwh
EmyBzFcYU5wr+/fk3gJhaaaFGGG6RLIq+Lc6YAlSfd6LOK/kGe31EQnPhgrQz4FY
udBKNB+rDCmlNviOB6aOeHsdeKSj2mkO0lrBclb2LOKyQls2HC6Db0Py+BaLEUob
y3Ar0ykiIiRl8ZW6IH1KW2kxCx6gkIbuqLJxUVNWnsHf5YLF/N+Ty9yTwZhXwZww
Drgq13UepjK3U5qDSxsUYjeLjr+BVsVZKI0DDeUtXXeuIsp5aF4rOQqOwo1JZZTt
mHDQgdLg+SmGADPdIZ5ugV8LjzOmGEN9SiIT0C67rDmg3A/jzhkx8OGyIrFF+70+
AxhV9A==
-----END CERTIFICATE-----