Installing an SSL Certificate on Sun Java System Web Server 7.x

The issued certificate (that can be downloaded using the guide here) installation on Sun Java System Web Server can be performed in two ways, similar to CSR generation - keytool and UI (Wizard).

I. Wizard

II. Keytool

I. Wizard

  1. Log in to your Sun Java System Web Server management and click Common Tasks tab.
  2. Select the configuration you are working with (usually your domain name) and click Edit Configuration.


  3. Click the Certificates tab.


  4. Click the Certificate Authority tab and then press Install.


  5. Select your token (internal if the key is generated using this guide).


  6. Open .ca-bundle file with Notepad or TextEdit and paste it into the corresponding box:



    Select Certificate File radio button and browse to .p7b file that contains the certificate for your domain and CA bundle.


    Now the bundle and certificate are installed.

    If the certificate and bundle were sent in .crt and .ca-bundle correspondingly, then the .ca-bundle can be installed following steps 1-6 . The certificate itself can be installed this way:

  7. Repeat steps 1-3.
  8. Select Server Certificates > press Install.


  9. Enter an Alias for the certificate to help you identify it in the future and select the listener.


  10. Complete the wizard by pressing Finish.


    The certificate is now installed.

  11. To configure the certificate for use, go to Configuration > Edit HTTP Listener.
  12. Under General, check the box to Enable SSL and select the certificate you just installed. Now the certificate is bound to the listener and HTTP traffic will be encrypted.

After that, you can check the installation here or here.

II. Keytool

  1. Upload the certificate files to your server.
  2. Run the following commands:


    keytool -import -trustcacerts -alias root -file RootCertificate.crt -keystore .jks

    keytool -import -trustcacerts -alias intermediate -file intermediateCertificate.crt -keystore .jks

    keytool -import -trustcacerts -alias -file .crt -keystore .jks

    Note: import COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt with different aliases.

    For example, importing a PositiveSSL with a full bundle will look like this:

    keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias intermediate1 -file COMODORSAAddTrustCA.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias intermediate2 -file COMODORSADomainValidationSecureServerCA.crt -keystore yourkeystore.jks

    keytool -import -trustcacerts -alias -file .crt -keystore yourkeystore.jks


    If the certificate is received in a PKCS#7 format - .cer or .p7b - it can be imported in the following way:

    keytool -import -trustcacerts -alias -file .p7b -keystore yourkeystore.jks

  3. Correct your server.xml with the following lines:

    scheme="https" secure="true” clientAuth="false"
    sslProtocol="TLS" keystoreFile="path/to/.jks"
    keystorePass="” >

  4. Restart Sun Java Web Service.

The certificate is successfully installed on the server. You can check it here or here.

44251 times

Need help? We're always here for you.