Certificate Installation: Java-based Webservers (e.g. Tomcat) using keytool

Installing the certificate issued from your Certificate Signing Request (CSR) on a Java-based webserver such as Tomcat, using keytool

You will have received your certificate from us, a file typically named 'your_domain_com.crt', as well as the intermediate certificate 'TrustedSecureCertificateAuthority.crt'. The root certificate 'EntrustSecureServerCA.crt' is also provided.

Copy these files to your server, then change to the directory containing the keystore that was used to generate the CSR. Then execute the commands below to install the certificates.

  1. Firstly, import the root certificate (called 'EntrustSecureServerCA.crt'), with the following command:
    keytool -import -trustcacerts -alias root -file EntrustSecureServerCA.crt -keystore my_keystore.jks

    Replace 'my_keystore.jks' with the path and filename of the keystore that was used to generate the CSR. Do this in all the commands below as well.



  2. Next import the intermediate certificate (called 'TrustedSecureCertificateAuthority.crt'), with the following command:
    keytool -import -trustcacerts -alias TrustedSecureCA -file TrustedSecureCertificateAuthority.crt -keystore my_keystore.jks

    Repeat this command for any other intermediate certificates you received, giving each one its own alias and file name.



  3. Finally, import the site certificate (the file with your domain in the filename), with the following command:
    keytool -import -trustcacerts -alias server -file your_domain_com.crt -keystore my_keystore.jks

    The 'server' alias should be the same alias name as you used when creating the CSR. For Tomcat servers, this should be 'tomcat'.



  4. The certificates are now all installed in the keystore, and you can configure your software to use that keystore.
    To do this with Apache Tomcat, you can edit the 'server.xml' file.
    Open the file, and search for a Connector element like the one below, replacing the highlighted parts to match your keystore (port, keystoreFile and keypass):
    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
    enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my_keystore.jks" keypass="mykeystorepassword"/>
Notes:
If you do not enter an alias with the '-alias' command flag when generating the CSR, the default alias will be used, 'mykey'. Use this alias at step 3.

For Tomcat, change the '-alias server' to '-alias tomcat'
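
A check to run after step 3, added here as an example and not part of the original instructions: it reads `keytool -list -v` output and confirms that the site certificate was attached to the private key (entry type PrivateKeyEntry with the full chain) instead of being stored as a separate trusted certificate, which is what happens when the alias at step 3 differs from the alias used for the CSR. The function name `check_alias`, the verdict strings and the sample listings are constructed for illustration; the parsing assumes English-locale output from Java 6 or later.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `keytool -list -v` output
# on stdin and prints a verdict for one alias:
#   ok | not-a-key-entry | short-chain | missing
# Usage: keytool -list -v -keystore my_keystore.jks | check_alias server 3
check_alias() {
    awk -v want="$1" -v min="${2:-2}" '
        BEGIN { want = tolower(want) }          # JKS aliases are case-insensitive
        { sub(/[ \t\r]+$/, "") }                # tolerate CRLF and trailing blanks
        /^Alias name: /  { cur = tolower(substr($0, 13)) }
        cur == want && /^Entry type: /               { type = substr($0, 13) }
        cur == want && /^Certificate chain length: / { len = $NF + 0 }
        END {
            if (type == "")                     v = "missing"
            else if (type != "PrivateKeyEntry") v = "not-a-key-entry"
            else if (len < min)                 v = "short-chain"
            else                                v = "ok"
            print v
            exit (v != "ok")                    # non-zero status on any failure
        }'
}

# Constructed sample: site certificate imported under the alias used for the CSR.
sample_good() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: trustedsecureca
Entry type: trustedCertEntry
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed sample: the CSR was made under the default alias "mykey", but the
# site certificate was imported as "server", so it became a trusted entry and
# the private key still carries only its self-signed certificate.
sample_bad() { cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: server
Entry type: trustedCertEntry
EOF
}

for s in sample_good sample_bad; do
    printf '%s: server=%s\n' "$s" "$($s | check_alias server 3)"
done
```

The second argument is the expected chain length: 3 for site certificate, one intermediate and root, or higher if you imported additional intermediates.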

Copyright 2010 Corporation Service Company, All rights reserved.