SSL/https on port 8443 for your Tomcat webapp

1) Create your keystore (.keystore file) in a Tomcat accessible folder:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/tomcat-6/.keystore
Be careful when entering the “name” field (the “first and last name” prompt): it must contain the full domain name of the server, not a person's name, because browsers compare it against the host name they connect to.
Source: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

2) Generate your .key and .csr (Certificate Signing Request) files:

openssl req -nodes -new -keyout foo.key -out foo.csr

Then open your .csr file and paste its content into the certificate request form of your certificate authority.

Sources:
http://en.gentoo-wiki.com/wiki/Apache2/SSL_Certificates#Generating_a_CSR
http://en.gentoo-wiki.com/wiki/Apache2/SSL_Certificates#Requesting_a_Certificate

Save the certificate returned by the certificate authority in a new .crt file:
vim foo.crt

3) Import your certificate in the keystore:
keytool -import -alias tomcat -keystore /usr/share/tomcat-6/.keystore \
    -file /etc/apache2/ssl/foo.crt

Source: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Importing_the_Certificate
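Steps 2 and 3 done with openssl alone, as an added example that is not part of the original post: a throw-away local CA stands in for the real certificate authority, the signed certificate is checked against the private key before it is used, and key and certificate are bundled into a PKCS12 keystore that Tomcat reads with keystoreType="PKCS12" in place of the JKS file from step 1. The host name www.example.com, the password changeit, the file names and the working directory are assumptions; in real use you send foo.csr to your CA and drop the local-CA function. The matching check matters because a certificate imported under alias tomcat is only usable if it was issued for the key pair already stored in that keystore; keytool refuses the import otherwise, and a CSR made with openssl from a fresh foo.key does not share the key pair that keytool -genkey created.

```shell
#!/bin/sh
# Added example (not from the original post): build the files of steps 2 and 3
# with openssl only, using a throw-away local CA in place of the real CA, and
# check that the signed certificate matches the private key before Tomcat sees it.
# Assumed: openssl is installed; host name, password and paths are hypothetical.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"
DOMAIN="www.example.com"          # hypothetical host name; must equal the CN
KEYSTORE_PASS="changeit"          # hypothetical password; replace in real use

# Step 2 equivalent: private key plus CSR, generated non-interactively.
make_key_and_csr() {
    openssl req -nodes -new -newkey rsa:2048 -subj "/CN=$DOMAIN" \
        -keyout "$WORKDIR/foo.key" -out "$WORKDIR/foo.csr" 2>/dev/null
}

# Stand-in for the real CA: a self-signed root that signs the CSR.
# In real use you paste the CSR into the CA's request form instead.
sign_with_local_ca() {
    openssl req -x509 -nodes -newkey rsa:2048 -days 30 -subj "/CN=Local test CA" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
    openssl x509 -req -in "$WORKDIR/foo.csr" -CA "$WORKDIR/ca.crt" \
        -CAkey "$WORKDIR/ca.key" -CAcreateserial -days 30 \
        -out "$WORKDIR/foo.crt" 2>/dev/null
}

# The check: the certificate's public key must belong to the given private key.
# Compares the RSA modulus of both; returns 0 on match, 1 otherwise.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1")
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ "$cert_mod" = "$key_mod" ]
}

# Step 3 equivalent without keytool: bundle key, certificate and CA certificate
# into a PKCS12 keystore under alias "tomcat", readable by Tomcat's JSSE connector.
make_pkcs12_keystore() {
    openssl pkcs12 -export -inkey "$WORKDIR/foo.key" -in "$WORKDIR/foo.crt" \
        -certfile "$WORKDIR/ca.crt" -name tomcat \
        -out "$WORKDIR/keystore.p12" -passout "pass:$KEYSTORE_PASS"
}

# Read the keystore back with its password and confirm the server certificate
# inside carries the expected CN; exit status 0 means the store is usable.
verify_keystore() {
    openssl pkcs12 -in "$WORKDIR/keystore.p12" -passin "pass:$KEYSTORE_PASS" \
        -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject | grep -q "CN *= *$DOMAIN"
}

main() {
    make_key_and_csr
    sign_with_local_ca
    cert_matches_key "$WORKDIR/foo.crt" "$WORKDIR/foo.key" \
        || { echo "certificate does not match foo.key"; exit 1; }
    make_pkcs12_keystore
    verify_keystore
    echo "keystore ready: $WORKDIR/keystore.p12"
}

main "$@"
```

To use the result, point keystoreFile at keystore.p12, add keystoreType="PKCS12" to the Connector of step 4, restart Tomcat, and check the listener from the shell with openssl s_client -connect localhost:8443 -servername www.example.com; the certificate chain it prints should end at the CA that signed your CSR.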

4) Uncomment the 8443 Connector in the Tomcat configuration file:

vim /var/lib/tomcat-6/conf/server.xml

<!-- JSSE (BIO) connector: with this protocol class the keystoreFile/keystorePass
     attributes are the ones used; SSLCertificateFile/SSLCertificateKeyFile are
     APR-connector attributes and are ignored here. -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100"  maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    SSLCertificateFile="/etc/apache2/ssl/foo.crt"
    SSLCertificateKeyFile="/etc/apache2/ssl/foo.key"
    keystoreFile="/usr/share/tomcat-6/.keystore"
    keystorePass="MOTDEPASSEHABITUEL" />
<!-- keystorePass must be the password given to keytool in step 1 and is stored
     in clear text: keep server.xml readable by the tomcat user only. -->

Source: http://www.tbs-certificats.com/FAQ/fr/118.html
