We assume that the Tomcat server has been installed in the system. If not, you can install Tomcat7 on CentOS, Rhel or Ubuntu or Debian systems. This article can be used for both Linux and Windows hosts. The only thing we need to change is the directory path of the KeyStore.
Step 1: Create Keystore
Java KeyStore (JKS) is a repository of security certificates. keytool is a command line utility for creating and managing keystores. This command can be used by both JDK and JRE. We just need to make sure that the JDK or JRE has the PATH environment variable configured.
$ keytool -genkey -aliassvr1.tecadmin.net-keyalg RSA -keystore/etc/pki/keystore
Output:
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]:Rahul KumarWhat is the name of your organizational unit? [Unknown]:WebWhat is the name of your organization? [Unknown]:TecAdmin Inc.What is the name of your City or Locality? [Unknown]:DelhiWhat is the name of your State or Province? [Unknown]:DelhiWhat is the two-letter country code for this unit? [Unknown]:INIs CN=Rahul Kumar, OU=Web, O=TecAdmin Inc., L=Delhi, ST=Delhi, C=IN correct? [no]:yesEnter key password for(RETURN if same as keystore password): Re-enter new password:
Step 2: Get CA-signed SSL [Ignore self-signed users]
If you want to use a self-signed SSL certificate, This step is not required. If you want to purchase valid ssl from a certificate authority, you need to create a CSR first, use the following command to do this.
Create CSR:
$ keytool -certreq -keyalg RSA -alias svr1.tecadmin.net -file svr1.csr -keystore /etc/pki/keystore
The above command will prompt for the keystore password and generate the CSR file. Use this CSR and purchase an ssl certificate from any certificate authority.
After the CA issues the certificate, it will have the following files: root certificate, intermediate certificate and Issued certificate by CA. In this example, the file name is
A. root.crt (root certificate)
B. intermediate.crt (intermediate certificate)
C. svr1.tecadmin. net.crt (Issued certificate by CA)
Install root certificate:
$ keytool -import -alias root -keystore/etc/pki/keystore-trustcacerts -fileroot.crt
Install intermediate certificate:
$ keytool -import -alias intermed -keystore/etc/pki/keystore-trustcacerts -fileintermediate.crt
Install Issued certificate by CA
$ keytool -import -aliassvr1.tecadmin.net-keystore/etc/pki/keystore-trustcacerts -filesvr1.tecadmin.net.crt
Step 3: Set up Tomcat Keystore
Now, go to your Tomcat installation directory and edit the conf/server.xml file in your favorite editor and update it as shown below configuration. You can also change the port from 8443 to another port if needed.
<Connector port="8443" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="/etc/pki/keystore" keystorePass="_password_" />
Step 4: Restart Tomcat
Restart the Tomcat service using the init script (if you have one), in this example, we are using the shell script (startup.sh and shutdown.sh ) to stop and start Tomcat.
$ ./bin/shutdown.sh $ ./bin/startup.sh
Step 5: Verify the installer
Because we have completed all the configuration required for Tomcat setup. You can access Tomcat in the browser on the configured port in step 2.
This article has ended here. For more other exciting content, you can pay attention to the Java Video Tutorial column of the PHP Chinese website!
The above is the detailed content of How to configure SSL certificate in Tomcat. For more information, please follow other related articles on the PHP Chinese website!