How to add ssl certificate for a domain in Tomcat 8 server
- Category : Linux Helpline (Easy Guide)
- Posted on : Apr 01, 2019
- Views : 1,528
- By : Barton S.
The following procedure will help you to add an ssl certificate in your tomcat 8 server.
Let us assume /opt/tomcat will be the tomcat installation folder and we are going to install it for a doamin fun.com
Step 1 : Generate a Certificate Signing Request (CSR) for your domain fun.com
# mkdir /opt/tomcat/ssl # cd /opt/tomcat/ssl # keytool -genkey -alias fun.com -keyalg RSA -keysize 2048 -keystore fun_com.jks -dname "CN=fun.com,OU=Technical, O=Fun Technologies Limited, L=Talvia, ST=kbgrp, C=IN" && keytool -certreq -alias fun.com -file fun_com.csr -keystore fun_com.jks
Step 2 . Use the CSR file fun_com.csf for purchasing a real ssl certificate , let us say I bought it from comodo. Now we need to add all th CA root and other trust certificate to the above keystore file fun_com.jks as follows,
#keytool -import -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore /opt/tomcat/ssl/fun_com.jks #keytool -import -trustcacerts -alias ComodoAddTru -file COMODORSAAddTrustCA.crt -keystore /opt/tomcat/ssl/fun_com.jks
Step 3 : Add the certificate file too to the keystore
# keytool -import -trustcacerts -alias fun -file fun_com.crt -keystore /opt/tomcat/ssl/fun_com.jks
Step 4 : Now check the keystore and you can see all certificate and chain crts are added to the keystore
#keytool -list -keystore /opt/tomcat/ssl/fun_com.jks
Now open the server.xml ( in /opt/tomcat/conf/server.xml ) file and enable the following sections
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat/ssl/fun_com.jks" keystoreType="JKS" keystorePass="changeit"/> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Now restart the tomcat server
/etc/init.d/tomcat restart
You may now verify your ssl by calling your domain name over https from your browser.
Categories
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 |
Recent Articles
-
Posted on : Jul 25
-
Posted on : Jul 07
-
Posted on : Apr 07
-
Posted on : Mar 19
Optimized my.cnf configuration for MySQL 8 (on cPanel/WHM servers)
Tags
- layer 7
- tweak
- kill
- process
- sql
- Knowledge
- vpn
- seo vpn
- wireguard
- webmail
- ddos mitigation
- attack
- ddos
- DMARC
- server load
- Development
- nginx
- php-fpm
- cheap vpn
- Hosting Security
- xampp
- Plesk
- cpulimit
- VPS Hosting
- smtp
- smtp relay
- exim
- Comparison
- cpu
- WHM
- mariadb
- encryption
- sysstat
- optimize
- Link Building
- apache
- centos
- Small Business
- VPS
- Error
- SSD Hosting
- Networking
- optimization
- DNS
- mysql
- ubuntu
- Linux