How to install SSL certificate on multiple Tomcat nodes

Introduction

This tutorial describes how to install a single SSL certificate on multiple Tomcat nodes.

1. Generate CSR

Before you can obtain an SSL certificate, you need to generate a CSR file on one of your Tomcat nodes. To generate the CSR file, follow the steps below:

  • Open cmd as administrator and go to /bin
  • Create a key store using the following command:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
  • When asked for “First and Last Name”, type the full domain name of your application, e.g. programmergate.com
  • Generate a CSR file using the following command:
keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore

Now, a file called csr.csr is generated under the same path. Just provide the certificate authority with this file in order to get your certificate.

2. Install the certificate on node 1

After getting the certificate from the CA, go to the same node on which you generated the CSR and install it there by following the steps below.

  • Open cmd as administrator and go to /bin
  • Install the root certificate:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file [name of the root certificate]
  • Install the intermediate certificate:
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file [name of the intermediate certificate]
  • Install the issued certificate:
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file [name of the certificate]

3. Generate a pfx file

After installing the certificate, stay on node 1 and generate a pfx file which we’ll use later to install on the other nodes.

To generate a pfx file, run the following command:

keytool -importkeystore -srckeystore tomcat.keystore -destkeystore [certificate.p12] -srcstoretype JKS -deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12] -srcalias tomcat -destalias [ALIAS_DEST]

where:

  • srckeystore: the name of the source key store
  • destkeystore: the name of the pfx file
  • deststorepass: the password of the pfx file
  • srcalias: the alias of the entry to export from the source key store
  • destalias: the alias under which that entry is stored in the pfx file

4. Install the pfx file on other nodes

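After generating the pfx file at node 1, copy it to the other nodes and install it separately on each node. The pfx file contains the certificate's private key, so copy it over a secure channel and delete the transferred copy once it has been imported.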

To install the pfx file, follow the below steps:

  • Open cmd as administrator and go to /bin
  • Copy the pfx file there.
  • Import the pfx file using the following command:
keytool -importkeystore -v -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore tomcat.keystore -deststoretype JKS
  • When asked for “First and Last Name”, type the same domain name that you used when creating the key store at node 1.
  • When asked for the pfx password, type the one that we used when generating the pfx in step 3.

Repeat Step 4 on every Tomcat node and you should be good to go.
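A check for the result of step 4, as an added example (not part of the original tutorial): it parses the output of `keytool -list -keystore tomcat.keystore` collected from each node and flags a missing alias, an alias that holds only a certificate without its private key, or a fingerprint that differs between nodes. The node names and listings below are constructed sample data with shortened placeholder fingerprints.

```python
import re

# `keytool -list` prints each entry as two lines:
#   <alias>, <date>, <entry type>,
#   Certificate fingerprint (SHA-256): AA:BB:...
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*, (?P<type>\w+),[ \t]*\n"
    r"Certificate fingerprint \([^)]+\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE,
)

def parse_keytool_list(text):
    """Map alias -> (entry type, fingerprint) from `keytool -list` output."""
    return {m["alias"].strip().lower(): (m["type"], m["fp"].upper())
            for m in ENTRY_RE.finditer(text)}

def check_nodes(listings, alias="tomcat"):
    """listings maps node name -> listing text. Returns a list of problems."""
    problems, reference = [], None
    for node, text in listings.items():
        entry = parse_keytool_list(text).get(alias.lower())
        if entry is None:
            problems.append(f"{node}: alias '{alias}' not found")
        elif entry[0] != "PrivateKeyEntry":
            # Certificate present but no private key: unusable for serving TLS.
            problems.append(f"{node}: '{alias}' is {entry[0]}, no private key")
        elif reference is None:
            reference = entry[1]  # first node with a valid key entry
        elif entry[1] != reference:
            problems.append(f"{node}: fingerprint differs from the reference node")
    return problems

def listing(*entries):
    """Build a constructed listing from (alias, type, fingerprint) tuples."""
    head = f"Keystore type: JKS\n\nYour keystore contains {len(entries)} entries\n\n"
    return head + "".join(
        f"{a}, Jan 5, 2024, {t}, \nCertificate fingerprint (SHA-256): {fp}\n"
        for a, t, fp in entries)

# Constructed sample data; fingerprints are shortened placeholders, not real hashes.
CA = [("root", "trustedCertEntry", "01:02:03"), ("intermed", "trustedCertEntry", "0A:0B:0C")]
SAMPLE = {
    "node1": listing(*CA, ("tomcat", "PrivateKeyEntry", "AA:BB:CC")),
    "node2": listing(("tomcat", "PrivateKeyEntry", "AA:BB:CC")),
    "node3": listing(("site", "PrivateKeyEntry", "AA:BB:CC")),     # other -destalias
    "node4": listing(("tomcat", "trustedCertEntry", "AA:BB:CC")),  # key not imported
    "node5": listing(("tomcat", "PrivateKeyEntry", "DE:AD:BE")),   # stale certificate
}

if __name__ == "__main__":
    for problem in check_nodes(SAMPLE):
        print(problem)
```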

Summary

This tutorial describes how to install a single SSL certificate on multiple Tomcat nodes.
