Sunday, July 4, 2021
Apache Tomcat ssl installation steps
Hello everyone, welcome to another blog where I'll walk you through a step-by-step SSL certificate installation on an Apache Tomcat server. So let's start without further ado.
Tomcat SSL Installation Instructions
- Download your certificate files from your certificate authority and save them to the same directory as the keystore that you created during the CSR creation process. The certificate will only work with the same keystore that you initially created the CSR with. The certificates must be installed to your keystore in the correct order.
- Install the Root Certificate file in java keystore: Every time you install a certificate to the keystore you must enter the keystore password that you chose when you generated it. Enter the following command to install the Root certificate file:
keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore yourdomain.jks
- Install the Intermediate Certificate file in java keystore: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:
keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore yourdomain.jks
If successful, you will see "Certificate was added to keystore".
- Install the Primary Certificate file in java keystore: Type the following command to install the Primary certificate file (for your domain name):
keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore yourdomain.jks
If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed to the keystore file. You just need to configure your server to use the keystore file.
Configuring your SSL Connector
Tomcat will first need an SSL Connector configured before it can accept secure connections.
1. Open the Tomcat server.xml file in a text editor (this is usually located in the conf folder of your Tomcat's home directory).
2. Find the connector that will be secured with the new keystore and uncomment it if necessary (it is usually a connector with port 443 or 8443 like the example below).
3. Specify the correct keystore filename and password in your connector configuration. When you are
<Connector port="443" protocol="HTTP/1.1" maxThreads="150"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/yourdomain.jks" keystorePass="keystorepassword"
           clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
           keyAlias="tomcat"
           ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA" />
Note: If you are using version 7 of Tomcat you will need to change "keypass" to "keystorePass". The keyAlias value must match the alias under which the primary certificate was installed (tomcat in the commands above); otherwise Tomcat cannot find the key entry in the keystore.
4. Save your changes to the server.xml file.
5. Restart Tomcat.
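A hardened variant of the connector above, as an added example that is not part of the original post: it drops TLS 1.0/1.1 (deprecated by RFC 8996) along with the 3DES, CBC and static-RSA suites, keeping only TLS 1.2 with ECDHE key exchange and AES-GCM. It assumes a JSSE connector on Tomcat 7 through 9 running on Java 8 or later, and reuses the post's placeholder keystore path and password with the tomcat alias from the import step.

```xml
<!-- Added example: hardened JSSE connector (assumes Tomcat 7-9, Java 8+).
     keystoreFile and keystorePass are the post's placeholders; keyAlias is
     the alias the primary certificate was imported under. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/yourdomain.jks"
           keystorePass="keystorepassword"
           keyAlias="tomcat"
           clientAuth="false"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" />
<!-- Differences from the connector shown in step 3:
     - sslEnabledProtocols="TLSv1.2" replaces the TLSv1+TLSv1.1+TLSv1.2 list,
       so legacy protocol versions are no longer negotiated.
     - The *_3DES_EDE_CBC_SHA suites are gone (64-bit block cipher).
     - The TLS_RSA_WITH_* suites are gone (no forward secrecy).
     - Only AEAD (GCM) suites remain; the CBC suites are dropped.
     - protocol names the NIO implementation explicitly so the JSSE
       keystore attributes are the ones in effect.
     keystorePass is stored in clear text, so server.xml should be
     readable only by the account that runs Tomcat. -->
```

Clients that cannot negotiate TLS 1.2 with an ECDHE-GCM suite will fail the handshake against this connector, so check the oldest client you must support before removing the legacy suites.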
That's it for now, Hope this has helped you. Stay tuned for more.
Don't forget to bookmark this page for your future references. :)