Using OpenSSL to Create a Certificate Keystore for Tomcat

https://jamfnation.jamfsoftware.com/article.html?id=138


Overview

If you have a private key, an SSL certificate, and a certificate bundle from a Certificate Authority (CA), you can use OpenSSL to create a certificate keystore that Tomcat can utilize.

Requirements

The following components are required to create a keystore for Tomcat:
  • OpenSSL
  • Private key with a .key file extension from CA
  • SSL certificate file from CA
  • Certificate bundle from CA

Procedure

  1. Execute the following command to create a .p12 keystore bundle from the private key, SSL certificate, and certificate bundle: 
    openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt -caname root -chain
  2. Enter a password of “changeit” when prompted. Note: If a different password is used, it will need to be specified in the server.xml file.
  3. Once the .p12 keystore bundle is created, move it to the root of the Tomcat directory.
  4. Modify the server.xml file so the connector port includes the following: 
    keystoreType="PKCS12"
  5. Also, update the keystoreFile line of the server.xml file so that it points at the new keystore bundle.
  6. Restart Tomcat. See Starting and Stopping Tomcat for instructions.
  7. Browse to the JSS and verify that the correct certificate is now being used. (For example, in Safari, click the lock button in the upper-right corner of the browser window.)

 <Connector URIEncoding="UTF-8" SSLEnabled="true" clientAuth="false" 
    keystoreType="PKCS12"
    keystoreFile="/Users/jding/cert/server.p12" keystorePass="ipswitch" 
    maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" 
    scheme="https" secure="true" sslProtocol="TLS"/>

评论

发表评论

此博客中的热门博文

JavaScript quiz - Scoping related

http://www.nczonline.net/blog/2010/01/26/answering-baranovskiys-javascript-quiz/ Answering Baranovskiy’s JavaScript quiz Posted at January 26, 2010 09:00 am by Nicholas C. Zakas Tags: Hoisting , JavaScript Last week, I tweeted about a JavaScript quiz I came across on Dmitry Baranovskiy’s blog entitled, So you think you know JavaScript? As with other quizzes of this type, there is only one question to answer for five different pieces of example code: what is the result? The example code tests some of the quirkier attributes of JavaScript engine behavior. I’ve seen similar quizzes in the past, sometimes by people saying that they use it as a test during job interviews. I think doing so is both disrespectful to the candidate as well as generally useless. You don’t encounter this type of quirk every day, so making that the minimum to get a job is about as useful as asking flight attendant candidate...
阅读全文

Java SMTP

SubEtha SMTP is a Java library which allows your application to receive SMTP mail with a simple, easy-to-understand API. This component can be used in almost any kind of email processing application. Hypothetical (and not-so hypothetical) uses include: A mailing list manager (see SubEthaMail ) A mail server that delivers mail to user inboxes A mail archiver like The Mail Archive An email test harness (see Wiser ) An email2fax system SMTPseudo A filtering forwarding server Baton SMTP proxy for one or more backends (rules based on sender/envelope) Mireka - Mail server and SMTP proxy with detailed logging, statistics and built-in, fail-fast filters SubEthaSMTP's simple, low-level API is suitable for writing almost any kind of mail-receiving application. Read more in UsingSubEthaSMTP or join our MailingList . A Little History SubEthaSMTP was split out of the SubEthaMail mailing list manager because it is a useful standalone component. When we wrote SubEtha...
阅读全文

qtCreator + Eclipse

http://azurvii.blogspot.com/2012/11/eclipse-qmake-general-purpose-building.html ------------------------------------- Eclipse CDT: great C++ IDE QMake: simple but powerful make-based build system QMake does not work only for Qt toolkit, it could be used for other projects. How I set up CDT + QMake: get CDT and Qt configure CDT to what you like (e.g. showing line number, etc.) add 2 external tools running at project location, one runs qmake -project , and another does qmake -spec macx-g++ qmake -project is used to scan the folders, and pick out what will be c++ compile. It will generate a .pro file qmake alone (or with -spec ) will read the .pro file and generate the actual Makefile. make a qmake.conf file to be included in the .pro file (with a line of include(qmake.conf) ). This is to separate special settings from the .pro file, which would get erased when qmake -project is run. Sample qmake.conf CONFIG -= qt CONFIG += release TARGET = test2 DESTDIR = build...
阅读全文