Skip to main content
ExLibris
  • Subscribe by RSS
    • Back
    campusM
    Ex Libris Knowledge Center

    Applying Certificates to the Apache Tomcat Server

    1. Last updated
    2. Save as PDF
    This guide covers the steps required to apply certificates to the Apache Tomcat Server

    Apache Tomcat

     

    It is the responsibility of the customer to ensure the Tomcat server is properly configured with the necessary SSL Certificates.

    Ex Libris is unable to process any requests for this to be done on the customer’s behalf.

    As such, the following document serves to outline the generic process, and will evolve to include F.A.Q.s.

     

    Prerequisites:

     1. Must have access to the Tomcat Server.

     2. Must have permissions to navigate all folder structures, and to upload/move files.

     3. Must know password for Java keychain if it is not the default (see guide for more details).

    Process:

    Access the Tomcat Server via console or SSH.

    Attempt to locate the keystore location using the following command:

    locate cacert

    If a single location is returned, you now know the keystore you must navigate to. If multiple locations are returned, you must first determine which version of Java is in use, and then navigate to the corresponding path. Java version may be determined by entering the following command:

    java -version

    Having navigated to the path determined by the previous step, determine whether the certificate is already within the keystore with the following command:

    keytool -list -v -keystore cacerts

    You will be required to input the password. Enter the password if you know it, else the default is:

    Changeit

    Note: Keytool may not be usable on the command line. If this is the case you may use the following command and symbolic links will show you where the Keytool is located:

    Which java

    Note: You may also wish to use keystore explorer – http://keystore-explorer.org/

    If the certificate is not already there, you will have import it using the following command format, having moved the certificate file into the directory:

    keytool -import -trustcacerts -alias DesiredAlias -file FileName -keystore cacerts

    i.e

    keytool -import -trustcacerts -alias MySslCert -file MySSL.cer -keystore cacerts

    Please note: This requires the certificate file being uploaded to be an X.509 certificate. If the cert file is not compliant, you may have to find a workaround such as adding it to the windows personal certificate and exporting it in an appropriate format.

    Once again, run:

    keytool -list -v -keystore cacerts

    The cert you added should now appear in the list, otherwise you may run:

    keytool -list -v -keystore cacerts | grep DesiredAlias

    i.e.

    keytool -list -v -keystore cacerts | grep *MySslCert*

    If this has succeeded, you may restart the Tomcat Server

    Repeat all steps as many time is required to have all nodes updated, if Connect Layer is on Load Balanced nodes.

    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Community Content Type
      Training Materials
      Content Type
      Implementation Guides
      Language
      English
      Product
      campusM
    2. Tags
      1. Apache
      2. server
      3. ssl
      4. SSL Certificate
      5. Tomcat