Installation instructions for Tomcat using PKCS#7 format

Solution ID:    SO16181    Updated:    08/23/2016


This document was created to assist with the installation of an SSL certificate in Tomcat.  If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports Tomcat.

Step 1:  Download the RapidSSL certificate 
  1. Download the RapidSSL certificate.  Select Other / PKCS#7 as the server platform.

Step 2: Import the RapidSSL certificate into the keystore

  1. At the command prompt, enter:

    keytool -import -keystore [keystore file] -alias [alias name] -file [certificate file]

    The alias name and keystore name in this command must be the same as the alias name and keystore name used during the generation of the private key and certificate signing request (CSR).

    For Example:

    During the import you might encounter the following error: Error: "java.lang.Exception: Input not an X.509 certificate." To troubleshoot this error, refer to solution.

Step 3: Confirm contents of the keystore

  1. At the command prompt, enter:

    keytool -list -v -keystore [keystore name]        

  2. Verify the following information.  The certificate was imported into the alias with the Entry Type of PrivateKeyEntry or KeyEntry. If the certificate is listed as trustedCertEntry it will not be functional because it was not imported into the alias that contains the private key.  If the certificate is listed as trustedCertEntry, import the certificate again using the PrivateKeyEntry or KeyEntry listed in the keystore.

Step 4: Configure Tomcat server

  1. Once the certificates are imported into the keystore, configure the server.xml to use the keystore.


Step 5: Verify certificate installation

  1. To verify if your certificate is installed correctly, use the RapidSSL Certificate Installation Checker.


For more information, see Tomcat Support website.



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips