Jakarta Tomcat
Installing your Web Server Certificate
Your certificate will be sent to you by email. The email message includes the
Web Server Certificate that you purchased in the body of the message.
Copy the certificate from the body of the email and paste it into a text editor,
such as Notepad, to create text files.
Please note that if you are installing the certificate on anything other than a Sun system, you will have to convert the certificate to binary format. You can use OpenSSL (obtained from www.openssl.org) to do so.
Install the SSL certificate
Here are the steps to follow:
- Copy/paste your Equifax Root Certificate into a text editor and save the file as
supralinkca.pem. The root certificate is not normally sent out
with SupraLink certificates. Contact us to obtain the root certificate.
- Copy/paste your web server certificate into a text editor and save the file as domainname.pem, substituting the domain name that you purchased the certificate for in place of domainname. If necessary, convert the server certificate and root certificate to binary format using the following commands:
openssl x509 -in domainname.pem -inform PEM -outform DER -out domainname.crt
openssl x509 -in supralinkca.pem -inform PEM -outform DER -out supralinkca.crt
- Import the "Root Certificate" using the following command:
$JAVA_HOME/bin/keytool -import -alias geotrustca \
    -keystore /path/to/domainname.kdb -file supralinkca.crt
- Import the "Server Certificate" using the following command:
$JAVA_HOME/bin/keytool -import -alias tomcat \
    -keystore /path/to/domainname.kdb -file domainname.crt
Please note that you must use the alias name of "tomcat".
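A pre-import check for the copy/paste and conversion steps above, as an added example that is not part of SupraLink's instructions: it decodes a pasted PEM certificate to the DER bytes it encodes and rejects a paste that lost its header or a line. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----", re.S)

def der_envelope_ok(der):
    """True if der is one outer ASN.1 SEQUENCE whose length matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def pem_to_der(pasted):
    """Decode one certificate pasted from an email; raise ValueError if damaged."""
    # Undo what mail clients and editors add: CRLF, indentation, '>' quoting.
    lines = [ln.strip().lstrip(">").strip() for ln in pasted.splitlines()]
    blocks = PEM_BLOCK.findall("\n".join(ln for ln in lines if ln))
    if len(blocks) != 1:
        raise ValueError("expected one BEGIN/END CERTIFICATE block, found %d" % len(blocks))
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError
        raise ValueError("body is not valid base64: %s" % exc)
    if not der_envelope_ok(der):
        raise ValueError("decoded data is truncated or is not a DER SEQUENCE")
    return der

def sha256_fingerprint(der):
    """Colon-separated SHA-256 of the DER bytes, as `openssl x509 -fingerprint -sha256` formats it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample: a 200-byte SEQUENCE standing in for a certificate (not a real one).
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# The same text as it might look after being quoted in a reply and saved with CRLF.
MANGLED_PEM = "".join("> " + ln + "\r\n" for ln in SAMPLE_PEM.splitlines())
```

A whole dropped line still decodes as valid base64, which is why the length field of the outer SEQUENCE is checked against the decoded size.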
Update server.xml configuration file
Here are the steps to follow:
- Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
- Find the following section:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="tomcat.kdb"
           keystorePass="password"/>
</Connector>
- If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
- Add the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
- Start or restart Tomcat using the appropriate startup script: startup.sh for Unix/Linux or startup.bat for Windows.
Test your certificate by using a browser to connect to your server. Use the https protocol directive, such as https://your.server.com/, to indicate that you wish to use secure HTTP.
Please note that the padlock icon in your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.