Shulou(Shulou.com)06/01 Report--

This article mainly describes the Tomcat configuration of SSL Certificates method, with a certain reference value, the need for friends can refer to the next. I hope you all have a lot of success after reading this article. Let's take a look at it together.

We assume that Tomcat server is already installed on the system. If not, Tomcat7 can be installed on CentOS, Rhel or Ubuntu, Debian systems. This article works for both Linux and Windows hosts, the only thing we need to change is the directory path for KeyStore.

Step 1: Create a keystore

Java KeyStore (JKS) is a repository of security certificates. keytool is a command line utility for creating and managing keystores. Both JDK and JRE can use this command. We just need to make sure that JDK or JRE is configured with PATH environment variable.

$ keytool -genkey -aliassvr1.tecadmin.net-keyalg RSA -keystore/etc/pki/keystore

Output:

Enter keystore password:Re-enter new password:What is your first and last name? [Unknown]:Rahul KumarWhat is the name of your organizational unit? [Unknown]:WebWhat is the name of your organization? [Unknown]:TecAdmin Inc.What is the name of your City or Locality? [Unknown]:DelhiWhat is the name of your State or Province? [Unknown]:DelhiWhat is the two-letter country code for this unit? [Unknown]:INIs CN=Rahul Kumar, OU=Web, O=TecAdmin Inc., L=Delhi, ST=Delhi, C=IN correct? [no]:yesEnter key password for(RETURN if same as keystore password):Re-enter new password:

Step 2: Get CA-signed SSL[ignore self-signed users]

This step is not required if you are using self-signed SSL Certificates. If you want to purchase a valid ssl from a certification authority, you need to create a CSR first, using the following command.

Create CSR:

$ keytool -certreq -keyalg RSA -alias svr1.tecadmin.net -file svr1.csr -keystore /etc/pki/keystore

The command above prompts for the keystore password and generates a CSR file. Use this CSR and purchase an SSL Certificates from any certification authority.

After CA issues certificate, it will have the following files: root certificate, intermediate certificate, and Issued certificate by CA. In this case, the file name is

A. root.crt (root certificate)

B. intermediate.crt (intermediate certificate)

C. svr1.tecadmin.net.crt ( Issued certificate by CA )

Install root certificate:

$ keytool -import -alias root -keystore/etc/pki/keystore-trustcacerts -fileroot.crt

Install intermediate certificate:

$ keytool -import -alias intermed -keystore/etc/pki/keystore-trustcacerts -fileintermediate.crt

Install Issued certificate by CA

$ keytool -import -aliassvr1.tecadmin.net-keystore/etc/pki/keystore-trustcacerts -filesvr1.tecadmin.net.crt

Step 3: Set up Tomcat keystore

Now go to your Tomcat installation directory and edit the conf/server.xml file in your favorite editor and update the configuration as shown below. If desired, you can also change the port from 8443 to another port.

Step 4: Restart Tomcat

Restart the Tomcat service using the init script (if any), in this case shell scripts (startup.sh and shutdown.sh) to stop and start Tomcat.

$ ./ bin/shutdown.sh$ ./ bin/startup.sh

Step 5: Verify the installer

Because we have completed all the configuration required for Tomcat setup. Tomcat in the browser can be accessed on the configuration port in step 2.

Thank you for reading this article carefully. I hope that Xiaobian will share the method of configuring SSL Certificates in Tomcat. At the same time, I hope that everyone will support you more. Pay attention to the industry information channel. Find out if you encounter problems. Detailed solutions are waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.