How to add ssl certificate for a domain in Tomcat 8 server
- Category : Linux Helpline (Easy Guide)
- Posted on : Apr 01, 2019
- Views : 2,018
- By : Barton S.
The following procedure will help you to add an ssl certificate in your tomcat 8 server.
Let us assume /opt/tomcat will be the tomcat installation folder and we are going to install it for a doamin fun.com
Step 1 : Generate a Certificate Signing Request (CSR) for your domain fun.com
# mkdir /opt/tomcat/ssl # cd /opt/tomcat/ssl # keytool -genkey -alias fun.com -keyalg RSA -keysize 2048 -keystore fun_com.jks -dname "CN=fun.com,OU=Technical, O=Fun Technologies Limited, L=Talvia, ST=kbgrp, C=IN" && keytool -certreq -alias fun.com -file fun_com.csr -keystore fun_com.jks
Step 2 . Use the CSR file fun_com.csf for purchasing a real ssl certificate , let us say I bought it from comodo. Now we need to add all th CA root and other trust certificate to the above keystore file fun_com.jks as follows,
#keytool -import -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore /opt/tomcat/ssl/fun_com.jks #keytool -import -trustcacerts -alias ComodoAddTru -file COMODORSAAddTrustCA.crt -keystore /opt/tomcat/ssl/fun_com.jks
Step 3 : Add the certificate file too to the keystore
# keytool -import -trustcacerts -alias fun -file fun_com.crt -keystore /opt/tomcat/ssl/fun_com.jks
Step 4 : Now check the keystore and you can see all certificate and chain crts are added to the keystore
#keytool -list -keystore /opt/tomcat/ssl/fun_com.jks
Now open the server.xml ( in /opt/tomcat/conf/server.xml ) file and enable the following sections
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat/ssl/fun_com.jks" keystoreType="JKS" keystorePass="changeit"/> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Now restart the tomcat server
/etc/init.d/tomcat restart
You may now verify your ssl by calling your domain name over https from your browser.
Categories
- cPanel Question 47
- cPanel Software Management 29
- cPanel Tutorials 13
- Development 29
- Domain 13
- General 19
- Linux Helpline (Easy Guide) 156
- Marketing 47
- MySQL Question 13
- News 2
- PHP Configuration 14
- SEO 4
- SEO 42
- Server Administration 84
- SSL Installation 54
- Tips and Tricks 24
- VPS 3
- Web Hosting 44
- Website Security 22
- WHM questions 13
- WordPress 148
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | |
7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 | 30 | 31 |
Recent Articles
-
Posted on : Sep 17
-
Posted on : Sep 10
-
Posted on : Aug 04
-
Posted on : Apr 01
Tags
- ts
- myisam
- vpn
- sql
- process
- kill
- tweak
- server load
- attack
- ddos mitigation
- Knowledge
- layer 7
- ddos
- webmail
- DMARC
- Development
- nginx
- seo vpn
- Hosting Security
- wireguard
- innodb
- exim
- smtp relay
- smtp
- VPS Hosting
- cpulimit
- Plesk
- Comparison
- cpu
- encryption
- WHM
- xampp
- sysstat
- optimize
- cheap vpn
- php-fpm
- mariadb
- apache
- Small Business
- Error
- Networking
- VPS
- SSD Hosting
- Link Building
- centos
- DNS
- optimization
- ubuntu