Tomcat Server setup for TrustCor SSL


This article will detail the steps for obtaining an SSL on a Tomcat server using TrustCor Premium DV Certificates.

1. Purchase trustcor from the No-IP UI.

To learn more about this process, please review our article:
How to Purchase and Configure a TrustCor Premium DV SSL

2. Navigate to the directory where you will manage the certificate.

The commands for navigation will vary depending on your os and version of Tomcat.

3. Create the keystore.

What is a keystore? A “keystore” is essentially just a repository file for cryptographic objects, such as keys and certificates. Tomcat currently operates only on JKS format keystores.
This is Java’s standard “Java KeyStore” format, and is the format created by the keytool command-line utility, as in the next step.

4. Enter the key generation command.

Generate a keystore and private key by running the following command:

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore your_domain_name.jks

Note: Replace “your_domain_name” with the domain you will be securing with the certificate, ie, mydomain.com or mydomain.org, etc. The format for this command may vary depending on your Tomcat version, so be sure to research this before attempting.

  • Enter a keystore password.
  • Enter your Organization Information.

Note: When prompted to enter your First and Last Name, input your “domain name” instead of your personal name.

  • Enter the rest of the information presented.
  • Enter y or yes when prompted only if all information is correct.
  • Enter your keystore password and press Enter.

Your keystore has been created in the current directory.

58ecfd0a-fa48-4ce4-bedc-d10059dc0988

5. Run the CSR command

From the newly created keystore, generate your CSR by running the following keytool command:

keytool -certreq -alias server -file csr.txt -keystore your_domain_name.jks

Enter your keystore password and press Enter.

Your CSR has been created in the current directory.
Locate and open the newly created CSR in a text editor such as Notepad and copy all the text.

6. Copy and Paste this CSR to your NO-IP UI.

Copy the CSR, including everything from

-----BEGIN CERTIFICATE-----

to

-----END CERTIFICATE-----

From your No-IP account, Click My Services at the left, then SSL Certificates.

Locate the TrustCor Premium DV and click the Add CSR button.

7fb60b45-84d6-4af6-81dd-e46718c15399

Here, you will choose your server type from the drop down menu, paste the CSR we just copied, then click the green “Add CSR” button to continue.

b8bebe04-6695-4bf2-be7f-c710073371fe

7. You will now see the section called “SSL Contact Information“.

Fill in the information required. The City, State and Country will be auto-filled from the information generated in the CSR you created. Click the green Confirm button when finished.

71b0462a-d35d-44c0-a2a1-69e9620a07f6

8. Finally, you will see the section called “DNS Verification Record”.

If your domain is registered with us and you have Plus Managed DNS, we will add the DNS Verification TXT record automatically.

If you are an Enhanced user with us, you will need to copy and paste the DNS Verification TXT record to your DNS Records manually.

If your domain is not registered with No-IP, you will need to copy and paste the DNS Verification TXT record to your DNS Records manually at your current DNS provider.

Click the Continue button once you have review and/or copied this information.

6be326c8-3374-4774-ae67-0c7bf6399fdb

9. Wait for Verification. TrustCor will search for the TXT record you have added to your domain.

This typically happens within 30 minutes, after the TXT record is added and propagated. Until then, the Status will remain in Pending Verification.

90284c21-326f-42fe-8e53-b2bbc54436a1

After 30 minutes, TrustCor will verify the TXT record and the Status will change to Active.

9a0f1dc6-19ec-4b60-89a2-cef9717fef4f

10. Download the signed-cert from the No-IP UI as a PEM file.

From your No-IP account, click My Services at the left, then SSL Records.
Find your TrustCor Premium DV and click the Download button.

df09c70b-bff0-47d5-bc9c-8ec0d81c8853

Here, use the dropdown menu to select the file type and click the Download button to obtain the file.

c0fc05c9-0a88-4e9a-9d40-5344da8385f6

You may need to make further configurations, such as converting file types, configuring SSL connectors, and entering the keystore credentials. While we cannot support these changes, you can find many guides online for these details, such as this one.

As with any changes to Tomcat, you may need to restart the server for these changes to take effect.

You have now installed the SSL on your Tomcat Server. You can test this by using https in front of your hostname.

More Information

You can find more information about installing TrustCor SSLs and obtaining TrustCor’s Intermediate Certificates from their Knowledge Base here.