Monday, September 14, 2009

SSL With an Existing Certificate / Key Pair [ Tomcat ]

Upload the Certificate Files

You first need to upload the following to the server:

  • Certificate File.
  • Key File.
  • CA Certificate File.

Convert to PKCS12 format:

[root@test]# openssl pkcs12 -export \
-in certs/www.domain.com.crt \
-inkey certs/www.domain.com.key \
-out www.domain.com.pkcs12 \
-name www.domain.com \
-CAfile certs/ThawteServerCA.cer \
-caname root -chain

Note: This is all one command; the trailing '\' on each line continues it onto the next.

Add the connector to %JAVA_HOME%/conf/server.xml

<Connector address="192.168.10.18" port="443"
           maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/local/tomcat/conf/certs/www.domain.com.pkcs12"
           keystoreType="PKCS12" keystorePass="password"/>
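
The PKCS12 file holds the private key, and keystorePass sits in clear text in server.xml, so it helps to check the key pair before exporting and to check the keystore afterwards. The script below is an added example, not part of the original post: the function names, file names, the password file and the throwaway self-signed certificate are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): checks around the PKCS12 export.
# File names and the throwaway key pair below are constructed for the demo.

# Succeed only if the certificate and the private key carry the same public key.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  kc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  kc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$kc_cert" = "$kc_key" ]
}

# Export only after the pair is verified; the keystore is created owner-only.
# Extra arguments (e.g. -CAfile ... -caname root -chain) are passed through.
export_p12() {  # usage: export_p12 CERT KEY OUT ALIAS PASSFILE [openssl args]
  ep_cert=$1 ep_key=$2 ep_out=$3 ep_alias=$4 ep_pass=$5
  shift 5
  key_matches_cert "$ep_cert" "$ep_key" || { echo "key/cert mismatch" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -in "$ep_cert" -inkey "$ep_key" -out "$ep_out" \
      -name "$ep_alias" -passout "file:$ep_pass" "$@" )
}

# Confirm the keystore opens with the password Tomcat will be given.
verify_p12() {  # usage: verify_p12 P12 PASSFILE
  openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# Permission string of a file, e.g. "-rw-------".
file_mode() { ls -l "$1" | cut -c1-10; }

# Constructed test material: a self-signed certificate and an unrelated key.
make_demo_files() {  # usage: make_demo_files DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.domain.com" \
    -keyout "$1/www.key" -out "$1/www.crt" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null &&
  printf '%s\n' 'demo-only-password' > "$1/pass.txt"
}

demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" &&
  export_p12 "$demo_dir/www.crt" "$demo_dir/www.key" "$demo_dir/www.p12" \
    www.domain.com "$demo_dir/pass.txt" &&
  verify_p12 "$demo_dir/www.p12" "$demo_dir/pass.txt" &&
  echo "keystore OK, mode $(file_mode "$demo_dir/www.p12")"
rm -rf "$demo_dir"
```

Reading the export password from a file keeps it off the command line, where other local users could see it in the process list.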

Apache Web Resources

http://www.apache.org Apache home page
http://modules.apache.org Apache Module Registry
http://www.apache-ssl.org Apache-SSL home page
http://www.modssl.org mod ssl home page
http://java.apache.org The Java-Apache Project
http://perl.apache.org The Apache/Perl Integration Project
http://www.php.net PHP: Hypertext Processor
http://www.apacheweek.com Apache Week
http://www.netcraft.com survey Netcraft Server Survey
http://www.refcards.com Quick Reference Cards