Install an SSL Certificate on a Tomcat or Java-based Web Server

This how-to illustrates how to install SSL certificates on a Tomcat or other Java-based server with keytool, a command-line tool for managing keys and certificates in a Java KeyStore.

Root and Intermediate Certificates

Proper functioning of a server certificate depends on the successful installation of intermediate and root certificates. For a list of all SSL.com downloadable root and intermediate certificates, please refer to the SSL.com Repository.

Certificate Installation with Keytool

Use the keytool command to import the root certificate(s) as follows (use the clickable tabs to select between instructions for SSL.com roots):

keytool -import -trustcacerts -alias root2 -file SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt -keystore domain.key

keytool -import -trustcacerts -alias INTER -file SSL_COM_RSA_SSL_SUBCA.crt -keystore domain.key

Use the same process for the site certificate using the keytool command.  The alias for this certificate should match the alias that you used when creating the CSR.

keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key

The password is then requested:
Enter keystore password: (This is the one used during CSR creation)

The following information will be displayed about the ssl certificate and you will be asked if you want to trust it (the default is no so type ‘y’ or ‘yes’):

Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Certificate fingerprints:
MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Trust this certificate? [no]:

Then an information message will display as follows:

Certificate was added to keystore

All the certificates are now loaded and the correct root certificate will be presented.