Home > Database > Mysql Tutorial > body text

How to configure SSL certificate in Tomcat

不言
Release: 2019-03-23 14:48:19
Original
4305 people have browsed it

We assume that the Tomcat server has been installed in the system. If not, you can install Tomcat7 on CentOS, Rhel or Ubuntu or Debian systems. This article can be used for both Linux and Windows hosts. The only thing we need to change is the directory path of the KeyStore.

How to configure SSL certificate in Tomcat

Step 1: Create Keystore

Java KeyStore (JKS) is a repository of security certificates. keytool is a command line utility for creating and managing keystores. This command can be used by both JDK and JRE. We just need to make sure that the JDK or JRE has the PATH environment variable configured.

$ keytool -genkey -aliassvr1.tecadmin.net-keyalg RSA -keystore/etc/pki/keystore
Copy after login

Output:

Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:Rahul KumarWhat is the name of your organizational unit?
  [Unknown]:WebWhat is the name of your organization?
  [Unknown]:TecAdmin Inc.What is the name of your City or Locality?
  [Unknown]:DelhiWhat is the name of your State or Province?
  [Unknown]:DelhiWhat is the two-letter country code for this unit?
  [Unknown]:INIs CN=Rahul Kumar, OU=Web, O=TecAdmin Inc., L=Delhi, ST=Delhi, C=IN correct?
  [no]:yesEnter key password for(RETURN if same as keystore password):
Re-enter new password:
Copy after login

Step 2: Get CA-signed SSL [Ignore self-signed users]

If you want to use a self-signed SSL certificate, This step is not required. If you want to purchase valid ssl from a certificate authority, you need to create a CSR first, use the following command to do this.

Create CSR:

$ keytool -certreq -keyalg RSA -alias svr1.tecadmin.net -file svr1.csr -keystore /etc/pki/keystore
Copy after login

The above command will prompt for the keystore password and generate the CSR file. Use this CSR and purchase an ssl certificate from any certificate authority.

After the CA issues the certificate, it will have the following files: root certificate, intermediate certificate and Issued certificate by CA. In this example, the file name is

A. root.crt (root certificate)

B. intermediate.crt (intermediate certificate)

C. svr1.tecadmin. net.crt (Issued certificate by CA)

Install root certificate:

$ keytool -import -alias root -keystore/etc/pki/keystore-trustcacerts -fileroot.crt
Copy after login

Install intermediate certificate:

$ keytool -import -alias intermed -keystore/etc/pki/keystore-trustcacerts -fileintermediate.crt
Copy after login

Install Issued certificate by CA

$ keytool -import -aliassvr1.tecadmin.net-keystore/etc/pki/keystore-trustcacerts -filesvr1.tecadmin.net.crt
Copy after login

Step 3: Set up Tomcat Keystore

Now, go to your Tomcat installation directory and edit the conf/server.xml file in your favorite editor and update it as shown below configuration. You can also change the port from 8443 to another port if needed.

<Connector port="8443" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443"
                SSLEnabled="true"
                scheme="https"
                secure="true"
                sslProtocol="TLS"
                keystoreFile="/etc/pki/keystore"
                keystorePass="_password_" />
Copy after login

Step 4: Restart Tomcat

Restart the Tomcat service using the init script (if you have one), in this example, we are using the shell script (startup.sh and shutdown.sh ) to stop and start Tomcat.

$ ./bin/shutdown.sh
$ ./bin/startup.sh
Copy after login

Step 5: Verify the installer

Because we have completed all the configuration required for Tomcat setup. You can access Tomcat in the browser on the configured port in step 2.

This article has ended here. For more other exciting content, you can pay attention to the Java Video Tutorial column of the PHP Chinese website!

The above is the detailed content of How to configure SSL certificate in Tomcat. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template