All Products 
Username / Customer#
Password
Log In
  • Site Search
  • Domain Search
  • WHOIS Domain Check
24/7 Support: (480) 505-8877
Hablamos Español
9 AM to 9 PM IST
7 days a week
Go Daddy Support

Search help articles, forums, and discussion groups

GO
 > Help > SSL Certificates > Certificate Renewal Instructions > SSL Certificate Renewal - Tomcat 4.x/5.x/6.x

SSL Certificate Renewal - Tomcat 4.x/5.x/6.x

Date Submitted: 8-30-2011

After we approve your certificate renewal request, you can download your SSL and intermediate certificate. For more information, see Downloading an SSL Certificate. You must install both files on your Web server.

You can also download the intermediate certificate here.

Follow the instructions below to download and install signed certificate and intermediate certificates on your Web server.

Note that Java 2 SDK 1.2 or above must be installed as the following describes how to install a certificate using keytool.

Installation Option One: Installing SSL Certificate and CA Bundle (gd_bundle.crt) Implementing a PKCS12 Keystore

Before you install your SSL certificate you must download our root certificate bundle (gd_bundle.crt) on your Web server. You may download the bundle from the repository.

Use the following OpenSSL command to combine the ca bundle (gd_bundle.crt) and your SSL certificate:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following Factory tag section and COMMENT IT OUT:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the following directives to the Connector tag:
    4. keystoreFile=<path to>\keystore.tomcat
    keystorePass="changeit"
    keystoreType="PKCS12"
  4. Restart Tomcat.

Installation Option Two: Installing SSL Certificate and Intermediate Certificates Separately

Installing Root and Intermediate Certificates

Once you have downloaded the certificates to your local machine, please use the following keytool commands to import them:

Root:

"keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt."

First intermediate (gd_cross_intermediate.crt):

"keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt"

Second intermediate (gd_intermediate.crt):

"keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt"

Installing SSL Certificate

  1. Use the following command to import the issued certificate into your keystore.
  2. keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of your certificate>

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following text section:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the "keystoreFile" and "keystorePass" directives:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/full/path/to/tomcat.keystore" keystorePass="changeit" />
  4. Restart Tomcat.
Rate This Article:
Related Topics:
Certificate Renewal Instructions
Related Articles:
SSL Certificate Renewal - Microsoft IIS 6.x
Certificate Renewal Instructions
SSL Certificate Renewal - Cpanel WebHost Manager
Generating a Renewal Certificate Signing Request for Microsoft IIS 5.x
SSL Certificate Renewal - Apache 1.3 / 2.x
SSL Certificate Renewal - Parallels Plesk Panel
Renewing a Cisco Intercompany Media Engine Certificate

Have a question about the content of this article?

to view your support tickets and product help.

Go Daddy Customer

View your messages

Known Issues

Updated:
15:52 MST

No issues to report

Learn More

How are we Doing?

Take Survey

24/7 Support

Call us anytime
(480) 505-8877
Hablamos Español

Wait Time 0 min expected wait time
Create a Support Ticket Contact Us Online
Get involved in Forums Start a Discussion
Go Daddy Global
Language:
Country:
Currency:
Account Manager
My Account
My Renewals
Order History
Create Account
Shopping
Domain Search
Web Hosting
Product Catalog
Go Daddy Gear
Deals of the Day
Resources
Webmail
WHOIS search
ICANN Confirmation
Affiliates
Follow & Fan Us
Legal
Small Business Center Site Map
Support
Telephone Support & Sales
Product Support
Discussion Forums
User Groups
Submit Support Ticket
Site Suggestions
Report Abuse
About Go Daddy
About Us
News Releases
Careers
Go Daddy Cares
Marketing Opportunities
Customer Testimonials
Security Center
.ME Scholarship
Round Up for Charity
Bob's Video Blog
Inside Go Daddy
Mobile
Go Daddy, on the GO!
iPhone Application
iPad Application
Android Application
Visit Go Daddy Mobile
Global Sites
Go Daddy (English)
Go Daddy (Español)
Go Daddy Australia
Go Daddy Canada
Go Daddy India
Go Daddy United Kingdom
Follow & Fan Us
Sign Up for Special Offers
Use of this Site is subject to express terms of use. By using this site, you signify that you agree to be bound by these Universal Terms of Service.
GoDaddy.com is the world's No. 1 ICANN-accredited domain name registrar for .COM, .NET, .ORG, .INFO, .BIZ and .US domain extensions. Source: RegistrarSTATS.com

Copyright ©  1999 - 2013 Go Daddy Operating Company, LLC. All Rights Reserved.
E
TESTED 2013 - 06 - 19
Traffic Log Image