Tomcat 4.x/5.x/6.x: Renew a certificate
After we approve your certificate renewal request, you can download your SSL and intermediate certificate. For more information, see Download my SSL certificate files. You must install both files on your Web server.
You can also download the intermediate certificate here.
Follow the instructions below to download and install the signed certificate and the intermediate certificates on your Web server.
Java 2 SDK 1.2 or above must be installed, because the following instructions use keytool to install the certificate.
Installation Option One: Installing SSL Certificate and CA Bundle (sf_bundle.crt) Implementing a PKCS12 Keystore
Before you install your SSL certificate you must download our root certificate bundle (sf_bundle.crt) on your Web server. You may download the bundle from the
Use the following OpenSSL command to combine the CA bundle (sf_bundle.crt) and your SSL certificate:
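One way to build and check the PKCS12 keystore with OpenSSL, as an added example rather than the vendor's original command. The file names server.crt, server.key and keystore.tomcat, the alias tomcat and the function names are assumptions; make_test_material only generates constructed throwaway certificates for a dry run.

```shell
#!/bin/sh
# Added example. File names, the "tomcat" alias and the password are
# assumptions for illustration, not values taken from the vendor's command.

# build_pkcs12 CERT KEY BUNDLE OUT PASS
# Packs the renewed certificate, its private key and the CA bundle into a
# PKCS12 keystore. Returns 2 if the key does not match the certificate, for
# example when the renewal used a new CSR and the old key is still on disk.
build_pkcs12() {
    cert=$1 key=$2 bundle=$3 out=$4 pass=$5
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi
    openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$bundle" \
        -name tomcat -out "$out" -passout "pass:$pass"
}

# check_pkcs12 KEYSTORE PASS MIN_DAYS
# Prints how many certificates the keystore holds (leaf plus chain). Returns 3
# if the keystore cannot be opened or the leaf expires within MIN_DAYS days,
# which catches re-packaging the old certificate instead of the renewed one.
check_pkcs12() {
    ks=$1 pass=$2 min_days=$3
    openssl pkcs12 -in "$ks" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        return 3
    openssl pkcs12 -in "$ks" -passin "pass:$pass" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_test_material DIR: constructed throwaway CA and 30-day leaf for a dry run.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/sf_bundle.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/sf_bundle.crt" \
        -CAkey "$1/ca.key" -set_serial 2 -days 30 \
        -out "$1/server.crt" 2>/dev/null
}
```

The password given to build_pkcs12 must be the same value set as keystorePass in server.xml. On a shared host, OpenSSL's `env:NAME` form for `-passout` and `-passin` keeps the password off the process list.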
Updating the server.xml Configuration File
When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:
- Open the server.xml file.
- After uncommenting the SSL/TLS connector from server.xml, locate the following Factory tag section and COMMENT IT OUT:
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
- Add the following directives to the Connector tag:
keystoreFile=<path to>\keystore.tomcat
keystorePass="changeit"
keystoreType="PKCS12"
- Restart Tomcat.
Installation Option Two: Installing SSL Certificate and Intermediate Certificates Separately
Installing Root and Intermediate Certificates
Once you have downloaded the certificates to your local machine, please use the following keytool commands to import them:
Root:
First intermediate (sf_cross_intermediate.crt):
Second intermediate (sf_intermediate.crt):
Installing SSL Certificate
Use the following command to import the issued certificate into your keystore:
Updating the server.xml Configuration File
When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct keystore file:
- Open the server.xml file.
- After uncommenting the SSL/TLS connector from server.xml, locate the following text section:
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
- Add the "keystoreFile" and "keystorePass" directives:
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/full/path/to/tomcat.keystore" keystorePass="changeit" />
- Restart Tomcat.