Deploying SSL Certificate on Tomcat

  1. Download the Keystore Explorer from here as per your Operating System.

  2. Install the Keystore Explorer.

  3. Open the Keystore Explorer.

  4. Click on “Create a new KeyStore” and then select “JKS”.

  5. Now we will Generate Key Pair, by clicking on icon from below the screen.

  6. While Generating Key Pair, select RSA from the dialog and click on OK.

  7. A new dialog will appear, now click on in front of Name.

  8. Provide information in the dialog below, you can also provide domain name in place of IP address in Common Name and then click on OK.

  9. After providing all the information in step 7, it will look like this, verify details and click on OK.

  10. Now provide Alias name to Key Pair generated and then click on OK.

  11. Now provide New Password and Confirm Password for the Key Pair.

  12. Now your Key Pair is generated successfully.

  13. Now you can Save the Key Pair as .JKS file on the local disk.

  14. Now Generate Certificate Signing Request (CSR) file to create a certificate file by right-clicking on generated Key Pair.

  15. Save CSR file to local disk.

  16. Now provide this CSR file to Certificate Authority (CA) to create an SSL Certificate.

  17. Now we will create a Self Signed SSL Certificate.

  18. To create a Self Signed SSL Certificate, right-click on generated Key Pair, click on Export, and then Export Certificate Chain.

  19. Save the certificate (.cer) file on the local disk by clicking on Export.

  20. Now we will Import the SSL Certificate (CA-signed or Self-Signed certificate) to Key Pair to be used in Tomcat.

  21. To Import the SSL Certificate, click on from the header and select the certificate file provided by CA or Self-Signed Certificate.

  22. Now the certificate is imported to the Key Pair and Save the Key Pair(.jks file).

  23. Also, Import the certificate file to "cacerts" located at %JAVA_HOME%\jre\lib\security\cacerts. If asked for a password, provide “changeit”.

  24. To Import the SSL Certificate in cacerts, click on from the header and select the certificate file provided by CA or Self-Signed Certificate.

  25. Provide Alias name while importing the certificate, Now the certificate is imported to cacerts.

  26. Now, we will configure Tomcat to use SSL Certificate.

  27. Configure SSL/TLS Connector in TOMCAT_DIR/conf/server.xml, Copy and paste the below connector to server.xml and replace the value of keyAlias, keystoreFile, keystorePass with yours.

     <Connector port="5443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="SSL" keyAlias="myapp" keystoreFile="D:/SSL Certificate/myapp.jks" keystorePass="admin" sslEnabledProtocols="TLSv1.2"/>

  28. Save the changes to the server.xml file.

  29. Start/Restart the Tomcat server. Access the Tomcat server from browser with HTTPS (https://localhost:5443)

  30. Congratulations! You've successfully installed your SSL certificate.

Comments

  1. Pragya BopcheAugust 10, 2020 at 9:07 AM

    Very well explained... It was of great help... Please share the SSL configuration for Keycloak as well.

    ReplyDelete

Post a Comment

Popular posts from this blog

Installation of Virtual Box for Virtual Machine

Image
Installation of Virtual Box(VM): Download VirtualBox from VirtualBox site ( https://www.virtualbox.org/ ) according to your host machine configuration. Install .exe file (VirtualBox-5.0.24-108355-Win).   Launch the VirtualBox. Select  New from the menubar. Now write Name for new Guest OS, Select Type, Select  Version. Select RAM size. Select Disk. Select Disk file type. Select Storage on HDD.(prefer Dynamic) Select Virtual Disk Size Now the Guest OS appears in the left hand side list. Right Click on our Guest OS and go to Settings. In Settings → Storage. In Storage Tree → Controller: IDE. Add new Optical Disk and add your Ubuntu .iso image file as IDE Primary Master. Then Click OK Now Double Click on new Guest OS, It will starts Installation of new Guest OS. Complete the Installation process of new Guest OS. After Installation Login to your account. Now you may face some GUI problems...
Read more

Installation of HMail Server

Image
Create your mail server in few easy steps, 1. Download the latest version of hMail Server from website https://www.hmailserver.com/download 2. Install the hMail Server in default directory location. 3. Now search for "hMailServer Administrator" in Start menu. 4. Now click on Add in Right hand side as shown in image. I have already added server name “localhost” . 5. Now in Server Information, Add Hostname, hMailServer Username(Here we are using Administrator) and enter select “Save Password” from radio button & enter password of your choice. 6. Now your server gets added to Server list, select your server and click on “Connect”. 7. Now password for server will be asked, Enter the password you have used in step 5. 8. Now after successful login to server, Administrator window will be opened. Here you have to Add domain to your server. 9. Add domain name of your choice in General and click on “Save”. 10. Domain gets added, now ...
Read more