Frequently Asked Questions

JKS format certificate installation guide

Updated Time:2022-09-23  Views:30529


1. Log in to your Tomcat server. Your Tomcat server needs to meet the following conditions: Port 443 (the default port for HTTPS services) has been opened.
OpenSSL tools are installed. If the OpenSSL tool is not installed, please visit the OpenSSL official website, download and install it OpenSSL Tools.
2. The certificate in JKS format has been downloaded from the digital certificate management service console.


This article takes the installation of JKS format certificate in Tomcat 7 in the Linux operating system as an example to introduce the specific steps for installing the certificate.
1. Unzip the JKS certificate file that has been saved locally.
· After unzipping you will see the following files in the folder:
Certificate file (domain_name.jks)
Note: The certificate name in this document uses domain_name as an example.
· Password file (jks-password.txt)


A. If you do not set the CSR generation method to system generation when you submit the certificate application, The certificate archive does not contain the TXT password file. When you download the certificate in the digital certificate management service console, you must select the Select another type of server, download the certificate in CRT format, and use the OpenSSL tool to generate the certificate in JKS format certificate file.
B. Downloading the certificate will generate a new password file. The password file only matches the certificate downloaded this time. if needed To update the certificate file, also update the matching password file.
2. Create a new cert directory in the Tomcat installation directory, and copy the certificate file and password file to the cert directory.
3. Refer to the following steps to modify the configuration file server.xml.
A. Access the Tomcat installation directory /conf/server.xml directory and open the server.xml file.
B. Remove the comment before the following content in server.xml, that is, the pound sign (#) before the content.

C. Modify the server.xml file with reference to the following contents.

D. Save the server.xml file. 
4. Optional: configure the web.xml file and enable HTTP to force the jump to HTTPS. Add the following after the file </welcome-file-list>: 

5. Restart the Tomcat service. 
A. Execute the following command to close the Tomcat service: 


B.Execute the following command to start the Tomcat service:

Further Operation: 

After the certificate installation is complete, you can verify whether the certificate is installed successfully by accessing the domain name bound to the certificate:

·If a small lock appears in the address bar of the web page, it means that the certificate has been installed successfully. 
·If you cannot access the website normally through HTTPS, please confirm whether port 443 of the server where you installed the certificate is open.