Apache Tomcat, often referred to as Tomcat Server, is a free, open-source Java Servlet container developed by the Apache Software Foundation. This article explains how to install an SSL certificate on Apache Tomcat on a CentOS Linux server. We assume you already have a working Tomcat server set up on your system. If you have not installed it yet, see our article Install Tomcat server on RHEL, Centos or Ubuntu Systems.
Create a keystore using keytool.
A Java KeyStore (JKS) is a repository (a database that can store keys) of security certificates. Keytool is a command-line utility for managing keys and certificates. The keytool utility is available through the JDK and JRE packages.
Enter keystore password:
Re-enter new password:
They don’t match. Try again
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Gajendra
What is the name of your organizational unit?
[Unknown]: Linuxpcfix
What is the name of your organization?
[Unknown]: Linuxpcfix
What is the name of your City or Locality?
[Unknown]: Jaipur
What is the name of your State or Province?
[Unknown]: Rajasthan
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Gajendra, OU=Linuxpcfix, O=Linuxpcfix, L=Jaipur, ST=Rajasthan, C=IN correct?
[no]: yes
Enter key password for < linuxpcfix.com >
(RETURN if same as keystore password):
Re-enter new password:
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /mnt/keystore -destkeystore /mnt/keystore -deststoretype pkcs12".
If you want to install a valid SSL certificate from a certificate authority, you first need to generate a CSR request using the following command.
The above command will ask you for the keystore password and generate the CSR file. After that, send the generated CSR to the certificate authority and purchase the SSL certificate.
After the certificate authority completes its verification and issues the certificate, you will get the following files: root certificate, intermediate certificate, and certificate file.
Install the root certificate:
[root@linuxp ~]# keytool -import -alias root -keystore /etc/pki/keystore -trustcacerts -file root.crt
Install the intermediate certificate:
Install the issued certificate:
Configure the keystore in Tomcat
Now go to your Tomcat Catalina home directory, open the conf/server.xml file in your preferred editor and update the configuration as below. You can change the port from 8443 to another port if you like.
<Connector port="8443"
    connectionTimeout="20000"
    redirectPort="8443"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    sslProtocol="TLS"
    keystoreFile="/etc/pki/keystore"
    keystorePass="_password_" />
Finally, restart your Apache Tomcat server.
To restart the Tomcat server, go to the Tomcat Catalina home directory and run the command below.
[root@linuxp ~]# ./bin/startup.sh
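A check to run after editing server.xml, as an added example that is not from the original article: it reads the keystoreFile attribute, flags a keystore or a password-bearing server.xml that group or others can access, and reports a keystore still in the JKS format that the keytool warning above recommends migrating from. The function names are hypothetical, and it assumes an absolute keystoreFile path and a Linux `stat` that accepts `-c`.

```shell
#!/bin/sh
# Added example (not from the article): audit the keystore a Tomcat Connector uses.
# Function names are hypothetical. Assumes an absolute keystoreFile path.

# Print the value of attribute $1 (straight double quotes) found in file $2.
xml_attr() {
    sed -n "s/.*$1=\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Fail, with a message, if file $1 grants any permission to group or others.
check_mode() {
    mode=$(stat -c '%a' "$1") || return 0
    case "$mode" in
        *00|0) return 0 ;;
    esac
    echo "PERM: $1 has mode $mode; limit it to the Tomcat user (chmod 600)"
    return 1
}

# Audit server.xml ($1). Prints findings; exit status is the number of findings.
audit_tomcat_keystore() {
    conf=$1
    findings=0
    ks=$(xml_attr keystoreFile "$conf")
    if [ -z "$ks" ] || [ ! -f "$ks" ]; then
        echo "CONFIG: keystoreFile is not set or does not exist: '$ks'"
        return 1
    fi
    check_mode "$ks" || findings=$((findings + 1))
    # keystorePass sits in server.xml in clear text, so that file needs the
    # same protection as the keystore itself.
    if [ -n "$(xml_attr keystorePass "$conf")" ]; then
        check_mode "$conf" || findings=$((findings + 1))
    fi
    # JKS files start with the bytes FE ED FE ED; PKCS12 is DER and starts with 30.
    magic=$(od -An -tx1 -N4 "$ks" | tr -d ' \n')
    case "$magic" in
        30*) ;;
        feedfeed)
            echo "FORMAT: $ks is JKS; keytool recommends migrating to PKCS12"
            findings=$((findings + 1)) ;;
        *)
            echo "FORMAT: $ks is not a recognised keystore (magic $magic)"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Run directly: sh audit.sh /path/to/tomcat/conf/server.xml
if [ "$#" -gt 0 ]; then audit_tomcat_keystore "$1"; fi
```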
Some useful Java Keytool commands.
• These commands let you create a new Java keytool keystore file, generate a CSR, and import certificates. Any root or intermediate certificates must be imported before importing the primary certificate for your domain.
• To generate a Java keystore and key pair
• To generate a CSR for an existing Java keystore file, execute the command below.
• To import a root or intermediate CA certificate, run the following command
• To import a signed primary certificate into an existing Java keystore
• To generate a keystore and self-signed certificate
If you would like to verify the information within a certificate or Java keystore, run the following commands.
• To verify a stand-alone certificate
• To verify which certificates are in a Java keystore
• To verify a particular keystore entry using an alias
Other useful Java Keytool commands
• To delete a certificate from a Java keytool keystore
• To change a Java keystore password
• To export a certificate from a keystore
• To list trusted CA certs
• To import a new CA into trusted certs
If you have not yet installed Tomcat on your system, see our article Install Tomcat server on RHEL, Centos or Ubuntu, Debian Systems.
http://www.linuxpcfix.com/install-and-configure-apache-tomcat8-on-centosrhel/