SSL Certificate Installation Guide - Tomcat
 

 
1. Save the certificate file

When you receive the SSL certificate, save it with a text editor such as Notepad, for example as certificate.txt. Be sure to download the certificate in PKCS#7 format: keytool prefers this format, which contains both your issued certificate and all the signer certificates in the chain.

2. Import the certificate

Use the following command to import the certificate into your keystore:

keytool -import -alias [keyEntry_name] -trustcacerts -file certificate.txt -keystore [keystore_name]

In the example in this screenshot we are using a Test Certificate.

Note: If you did not specify a keystore name when the keystore was originally generated, omit the -keystore parameter from the command.

When you execute this command you will be prompted for the keystore password. Enter the password you set when you generated the keystore.

When importing the certificate into your keystore, use the same alias as the private key the certificate request (CSR) was created from (this will be the keyEntry listed in your keystore) and use the '-trustcacerts' parameter in your keytool -import command. If you do not specify the alias of the keyEntry, your certificate will not be tied to the private key and the installation will not succeed.

If you are unsure of the alias for the keyEntry, use the following command to list the keystore contents and verify the keyEntry name (alias):

keytool -list -keystore [keystore_name] -v

In the example in this screenshot the alias is "tomcat".
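As an added example (not part of the original guide), the shell function below reads `keytool -list -v` output and reports whether an alias ended up as a private-key entry with the CA chain attached, which is the failure the alias warning above describes. The function name, the status strings and the sample listing are constructed for illustration, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Added example. Assumes English-locale `keytool -list -v` output.
# Older JDKs label the private-key entry "keyEntry", newer ones "PrivateKeyEntry".

# check_key_entry ALIAS  (listing on stdin) prints one of:
#   ok:N         ALIAS is a private-key entry carrying an N-certificate chain
#   self-signed  ALIAS is a private-key entry, but the chain length is still 1
#   not-key      ALIAS holds only a trusted certificate, with no private key
#   missing      ALIAS is not in the keystore
check_key_entry() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                       # tolerate Windows line endings
        /^Alias name: / { cur = substr($0, 13); if (cur == want) found = 1 }
        /^Entry type: / { if (cur == want) type = substr($0, 13) }
        /^Certificate chain length: / { if (cur == want) len = $4 + 0 }
        END {
            if (!found) print "missing"
            else if (type != "PrivateKeyEntry" && type != "keyEntry") print "not-key"
            else if (len < 2) print "self-signed"
            else print "ok:" len
        }'
}

# Constructed sample listing (not from a real keystore), trimmed to the
# fields the check reads.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3

Alias name: imported
Entry type: trustedCertEntry

Alias name: pending
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

# Real use: keytool -list -v -keystore [keystore_name] | check_key_entry tomcat
for a in tomcat imported pending absent; do
    printf '%s: %s\n' "$a" "$(sample_listing | check_key_entry "$a")"
done
```

A result of not-key for the alias you imported under means the reply was stored as a standalone trusted certificate, so Tomcat has no private key to pair with it.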

3. Edit the Tomcat configuration file (server.xml)

Tomcat keeps its SSL configuration in the server.xml file. Make sure Tomcat is reading the correct keystore file and keystore password and that port 8443 is enabled for secure connections.

(a) Open the server.xml config file in a text editor (JAKARTA_HOME/conf/server.xml).

(b) Find the secure connector element in your config file (Connector port="8443"...); the screenshot shows what it looks like by default.

(c) Make sure the 'keystoreFile' directive references the correct keystore and the 'keystorePass' directive references the correct keystore password.

(d) Save the changes, then stop and start Tomcat.

4. Set up the server

Make sure you assign port 8443 and a unique, fixed IP address to the virtual host. Note: If the server is behind a firewall, make sure TCP port 8443 has been opened on the firewall.

Test your certificate by using a browser to connect to your server. Use the https protocol (e.g. https://yourdomain.com, the domain the certificate was requested for) to indicate that you wish to use secure HTTP. If the certificate is installed correctly and the server is properly configured for SSL, the browser displays a padlock icon in the locked position at the bottom of the window. Note: If the page contains insecure elements, the browser will ask whether to display the insecure content; it is recommended that you modify the page to remove the insecure content.



 
© 2002-2008 深圳市沃通电子商务服务有限公司 All Rights Reserved