Installing an SSL certificate in Express Server

Applicable to Product(s)

Express Server

Summary of problem:

By default, Express Server 9 uses a self-signed SSL certificate, which triggers a red warning message in some browsers. If you have purchased a certificate, you can configure Tomcat to use it instead, which removes the warning.


Process:

To install an SSL certificate in Tomcat on Windows, complete the following steps:


  1. Locate the Java installation and find keytool.exe inside its bin directory.


  2. Create a new store with a temporary key. Replace the text "lizard" with the password you wish to use for your new keystore.


keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -storepass lizard -keypass lizard -dname "CN=test, O=test, L=test, S=test, C=test" -keystore .newkeystore


  3. Delete the Tomcat alias/temporary key (this will keep the new keystore but remove its key).

keytool -delete -alias tomcat -keystore .newkeystore


  4. Import your certificate file. Replace the -file value below with the path to your certificate. Use a full path when running keytool, even if you are already in that directory.


keytool -import -alias tomcat -keystore .newkeystore -file c:\users\testuser\testuser.servername.local


  5. Rename the old .keystore file to .keystore.installed and overwrite with the new one.


Browse to C:\Program Files\LizardTech\Express Server\ImageServer\etc\

Rename the existing .keystore file to .keystore.installed so that the server no longer uses it.

Copy your newly generated keystore file (.newkeystore) from the Java directory into the etc directory, naming it .keystore.


  6. Modify Tomcat to use the new keystore and update the password.


Browse to C:\Program Files\LizardTech\Express Server\Tomcat\conf

Open the server.xml file in a text editor.

Find the section that defines Connector port="8443" and change the keystorePass field to the new password.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" keystoreFile="C:\Program Files\LizardTech\Express Server\ImageServer\etc\.keystore" keystorePass="lizard" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />


  7. Restart the Tomcat service.
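
A check to run after the steps above, given here as an added example and not part of the original article or the product: it reads the port 8443 connector from server.xml and asks keytool to open the configured keystore with the configured password. The keytool.exe location is an assumption (adjust it to your Java bin directory), and the output filter assumes keytool prints in English.

```powershell
# Added example: verify the connector and keystore after completing the steps above.
# server.xml path and alias come from the article; $keytool is an assumed location.
$serverXml = 'C:\Program Files\LizardTech\Express Server\Tomcat\conf\server.xml'
$keytool   = 'C:\Program Files\Java\jre\bin\keytool.exe'   # assumption: adjust to your Java install
$alias     = 'tomcat'

# Load server.xml and find the HTTPS connector the article edits.
$doc  = [xml](Get-Content -LiteralPath $serverXml -Raw)
$conn = $doc.SelectSingleNode('//Connector[@port="8443"]')
if (-not $conn) { throw 'No Connector with port="8443" found in server.xml' }

$store = $conn.GetAttribute('keystoreFile')   # empty string if the attribute is absent
$pass  = $conn.GetAttribute('keystorePass')

$problems = @()
if ($conn.GetAttribute('SSLEnabled') -ne 'true') {
    $problems += 'SSLEnabled is not "true" on the 8443 connector'
}
if ($pass -eq 'lizard') {
    $problems += 'keystorePass is still the example value "lizard"'
}

# -and short-circuits, so Test-Path is never called with an empty path.
$storeOk = $store -and (Test-Path -LiteralPath $store)
if (-not $storeOk) {
    $problems += "keystoreFile is missing or does not exist: '$store'"
} else {
    # Open the store with the same password Tomcat will use and look up the alias.
    $listing = & $keytool -list -v -alias $alias -keystore $store -storepass $pass 2>&1
    if ($LASTEXITCODE -ne 0) {
        $problems += "keytool could not read alias '$alias' with the configured password"
    } else {
        # Show entry type, subject, issuer and validity so the certificate can be confirmed.
        $listing | Select-String -Pattern '^(Entry type|Owner|Issuer|Valid from):'
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Connector 8443 and keystore are consistent.' }
```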