Installing The Certificates to the Keystore
Copy your SSL Certificate file (your_domain_name.p7b) to the directory where your keystore was saved during the CSR creation process
***NOTE***: The certificate must be installed to the same keystore that was used to generate your CSR. If you try to install it to a different keystore it will not work.
Type the following command to install the certificate file to your keystore:
keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
You should get a confirmation stating that the "Certificate reply was installed in keystore"
If it asks if you want to trust the certificate. Choose y or yes.
Your keystore file (your_site_name.jks) is now ready to use on your Tomcat Server and you just need to configure your server to use it.
Configuring your SSL Connector
Tomcat will first need an SSL Connector configured before it can accept secure connections.
Specify the correct keystore filename and password in your connector configuration. When you are done your connector should look something like this:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keypass="your_keystore_password" />
**Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems.