Monday, September 7, 2015

How to - Secure Socket Layer (SSL) Certificate for Apache Tomcat

  1. Create Certificate Signing Request (CSR)

    a) Create a keystore file :
    keytool -genkey -alias the_alias_name -keyalg RSA -keysize 2048 -keystore keystore_filename.jks

    b) Create the CSR file (this file will be sent to a Certification Authority (CA), e.g. DigiCert, Entrust, etc.) :
    keytool -certreq -alias the_alias_name -keystore keystore_filename.jks -file csr_file_name.csr

    * In this example, we used Entrust as the CA. You'll get 3 files from the CA (downloaded from the CA website): the root, chain, and server certificates. Now proceed to the steps below.

  2. Import the generated certificate into the keystore file

    a) Import root certificate :
    keytool -importcert -trustcacerts -file L1Croot.txt -keystore keystore_filename.jks -alias root

    b) Import chain certificate :
    keytool -importcert -trustcacerts -file L1Cchain.txt -keystore keystore_filename.jks -alias intermediateCA

    c) Import server certificate:
    keytool -importcert -trustcacerts -file entrustcert.crt -keystore keystore_filename.jks -alias the_alias_name
* Note: Replace the placeholder values in the commands (such as the_alias_name and keystore_filename.jks) with your own values.
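
A check to run after step 2, as an added example that is not part of the original post: it reads `keytool -list -v` output and confirms that the key alias is a PrivateKeyEntry carrying the full chain, which is what Tomcat needs to serve the CA-issued certificate. The function name, the status words, and the sample listings are constructed for illustration; the default of 3 certificates assumes the root, chain, and server files described above.

```shell
#!/bin/sh
# Added example, not from the original post. Usage on a real keystore:
#   keytool -list -v -keystore keystore_filename.jks | check_listing the_alias_name
# Prints OK <n>, SHORT_CHAIN <n>, NOT_KEY_ENTRY or MISSING for the given alias.
check_listing() {
  # $1 = alias to check, $2 = minimum chain length (assumed 3: server + chain + root)
  awk -v want="$1" -v min="${2:-3}" '
    BEGIN { want = tolower(want) }   # JKS aliases are case-insensitive
    /^Alias name: / { cur = tolower(substr($0, 13)); next }
    cur != want { next }
    /^Entry type: / { type = substr($0, 13); seen = 1; next }
    /^Certificate chain length: / { chain = $NF + 0; next }
    END {
      if (!seen) print "MISSING"
      else if (type != "PrivateKeyEntry") print "NOT_KEY_ENTRY"   # cert only, no private key
      else if (chain < min) print "SHORT_CHAIN " chain             # CA reply not attached to the key
      else print "OK " chain
    }'
}

# Constructed listing (trimmed): steps 2a-2c done as written.
sample_good() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: intermediateca
Entry type: trustedCertEntry
Alias name: the_alias_name
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed listing (trimmed): server certificate imported under a different alias.
sample_bad() {
cat <<'EOF'
Alias name: the_alias_name
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: server
Entry type: trustedCertEntry
EOF
}

sample_bad | check_listing the_alias_name
```

A SHORT_CHAIN result means the keystore still holds only the self-signed certificate from step 1a under the key alias, so step 2c should be repeated with the same alias used in step 1.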
