SSL Certs & Apache Tomcat

Some tips on dealing with SSL certificates and Apache Tomcat. If you have to renew your SSL cert or install a new one, hopefully these instructions will help.

I'll be using Apache Tomcat 7, so the steps may differ with other servers.

Firstly you have to generate a CSR on the server (basically a single file), and then send it to whoever you are planning to purchase your cert from (DigiCert in my case). Some certificate providers have online CSR generators, which are useful, but you can also run the command yourself.

Open the command prompt (in administrator mode - important!)

Paste the following command (remember the alias you assign; it's common to use 'server', and the CN in the -dname should be the name the certificate is for):

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore star_yourdomain_co_uk.jks -dname "CN=*, O=Your org name, L=Your location, ST=State, C=Country" && keytool -certreq -alias server -file star_yourdomain_co_uk.csr -keystore star_yourdomain_co_uk.jks && echo Your certificate signing request is in star_yourdomain_co_uk.csr. Your keystore file is star_yourdomain_co_uk.jks. Thanks for using the DigiCert keytool CSR helper.

Then check that there is a private key entry (the alias should be listed as a PrivateKeyEntry) by running the following command:

keytool -list -v -keystore "star_yourdomain_co_uk.jks"

Once you have done this you should have two files: a .jks (the keystore holding your private key) and a .csr.

Use that CSR to reissue the certificate through your certificate provider's account.

Once you have downloaded the new certificate, run the command below to import it into the keystore you just created. Use the same alias the key was generated under ('server'); if you import under a different alias, keytool stores the certificate as a separate trusted entry instead of pairing it with your private key, and Tomcat will have nothing to serve with.

keytool -import -trustcacerts -alias server -file star_yourdomain_co_uk.p7b -keystore star_yourdomain_co_uk.jks
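After the import, keytool -list -v should still show the 'server' alias as a PrivateKeyEntry, now with a certificate chain length of 2 or more (the .p7b bundle carries the intermediate). The checker below is an added example, not part of the original post: it parses that listing and reports the three things that usually go wrong (wrong entry type from importing under another alias, a chain that is still the self-signed -genkey cert, an expired or expiring certificate). It assumes the English-locale line format of keytool shown in the constructed sample.

```python
import re
from datetime import datetime, timedelta
# Line markers as printed by "keytool -list -v" on an English-locale JDK (an assumption).
_ALIAS = re.compile(r"^Alias name: (.+)$")
_TYPE = re.compile(r"^Entry type: (.+)$")
_CHAIN = re.compile(r"^Certificate chain length: (\d+)$")
_UNTIL = re.compile(r"until: \w{3} (\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})$")

def parse_keytool_listing(text):
    """Map each alias to its entry type, chain length and leaf-cert expiry."""
    entries, cur = {}, {}  # 'cur' is a throwaway dict until the first alias line
    for line in text.splitlines():
        line = line.strip()
        if m := _ALIAS.match(line):
            cur = entries.setdefault(m.group(1), {"chain": 0})
        elif m := _TYPE.match(line):
            cur["type"] = m.group(1)
        elif m := _CHAIN.match(line):
            cur["chain"] = int(m.group(1))
        elif (m := _UNTIL.search(line)) and "not_after" not in cur:
            # the first "until" line of an entry belongs to Certificate[1], the leaf
            cur["not_after"] = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %H:%M:%S %Y")
    return entries

def check_server_entry(entries, alias, now, warn_days=30):
    """List what would stop Tomcat serving with keyAlias=<alias>; [] means OK."""
    e = entries.get(alias)
    if e is None:
        return [f"alias {alias!r} not in keystore"]
    if e.get("type") not in ("PrivateKeyEntry", "keyEntry"):
        # e.g. trustedCertEntry: the cert was imported under an alias other than the key's
        return [f"alias {alias!r} is a {e.get('type')}, so Tomcat has no private key"]
    problems = []
    if e["chain"] < 2:
        problems.append(f"chain length {e['chain']}: still the self-signed -genkey cert, "
                        "or the intermediate is missing (import the .p7b bundle)")
    exp = e.get("not_after")
    if exp and exp - now < timedelta(days=warn_days):
        problems.append(f"certificate {'expired' if exp <= now else 'expires'} {exp.date()}")
    return problems

# Constructed sample of "keytool -list -v" output, cut down to the lines parsed above.
SAMPLE_LISTING = """\
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Valid from: Mon Jan 12 10:00:00 GMT 2015 until: Tue Jan 12 10:00:00 GMT 2016
Valid from: Wed Mar 05 12:00:00 GMT 2014 until: Sat Mar 05 12:00:00 GMT 2024
"""
```

Feed it the real output with check_server_entry(parse_keytool_listing(output), "server", datetime.now()); an empty list means the keystore is ready for the server.xml step.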

Before Tomcat can accept SSL connections, a few changes have to be made to the server.xml file. Basically you need to point it at your new keystore file and add the alias name you assigned in the first steps ('server').

Go to the Tomcat home directory, find the server.xml file (in the conf folder) and make the changes below:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
           keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

Now restart the Tomcat service and visit your site. Since keystorePass sits in server.xml in clear text, keep read access to server.xml and the .jks file restricted to the account Tomcat runs as.
