To enable SSL in Tomcat, we first need to create a keystore file.
Create keystore
# keytool -genkey -alias svr1.tecadmin.net -keyalg RSA -keystore /etc/pki/keystore
Sample output:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Arun Mohan
What is the name of your organizational unit?
[Unknown]: G7cr
What is the name of your organization?
[Unknown]: G7cr tech
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Arun Mohan, OU=G7cr, O=G7cr tech, L=Bangalore, ST=Karnataka, C=IN correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password):
Re-enter new password:
The keystore file will be saved in /etc/pki.
Get a CA-signed SSL certificate [skip this section if you are using a self-signed certificate]
Create CSR:
# keytool -certreq -keyalg RSA -alias svr1.tecadmin.net -file svr1.csr -keystore /etc/pki/keystore
Install the root certificate:
# keytool -import -alias root -keystore /etc/pki/keystore -trustcacerts -file root.crt
Install the issued certificate:
# keytool -import -alias svr1.tecadmin.net -keystore /etc/pki/keystore -trustcacerts -file svr1.tecadmin.net.crt
Configure Tomcat with Keystore
# vi /opt/tomcat/conf/server.xml
<Connector port="8443" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
SSLEnabled="true"
scheme="https"
secure="true"
sslProtocol="TLS"
keystoreFile="/etc/pki/keystore"
keystorePass="_password_" />
Restart the Tomcat service
# service tomcat restart
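The script below is an added example, not part of the original write-up: it audits the HTTPS Connector configured above. The function names are assumptions. It checks the scheme and secure attributes, that keystorePass is no longer the _password_ placeholder, and that neither the keystore nor server.xml is accessible to other users, since server.xml stores the keystore password in clear text.

```shell
#!/bin/sh
# Added example, not from the original page: audit the HTTPS <Connector> set up
# above. Function names are assumptions; pass the path to server.xml as $1.

# Print attribute $2 of the first SSLEnabled="true" <Connector> in file $1.
connector_attr() {
    # Flatten to one line, drop XML comments (Tomcat ships commented-out
    # sample connectors), isolate the element, then pull out the attribute.
    tr '\n' ' ' < "$1" |
        sed 's/<!--[^-]*\(-[^-][^-]*\)*-->//g' |
        grep -o '<Connector[^>]*SSLEnabled="true"[^>]*>' | head -n 1 |
        sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# True if file $1 grants no permissions to "other" (last three mode bits).
not_world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Return 0 if the connector and its keystore pass every check, 1 otherwise.
audit_tomcat_tls() {
    conf=$1 rc=0
    ks=$(connector_attr "$conf" keystoreFile)
    if [ -z "$ks" ]; then
        echo "FAIL: no SSL-enabled Connector with a keystoreFile in $conf"
        return 1
    fi
    [ "$(connector_attr "$conf" scheme)" = "https" ] ||
        { echo "FAIL: scheme is not https"; rc=1; }
    [ "$(connector_attr "$conf" secure)" = "true" ] ||
        { echo "FAIL: secure is not true"; rc=1; }
    [ "$(connector_attr "$conf" keystorePass)" != "_password_" ] ||
        { echo "FAIL: keystorePass is still the _password_ placeholder"; rc=1; }
    # The keystore holds the private key and server.xml holds its password in
    # clear text, so neither file should be accessible to other users.
    if [ ! -f "$ks" ]; then
        echo "FAIL: keystore $ks does not exist"; rc=1
    else
        not_world_accessible "$ks" || { echo "FAIL: $ks is world-accessible"; rc=1; }
    fi
    not_world_accessible "$conf" || { echo "FAIL: $conf is world-accessible"; rc=1; }
    return "$rc"
}

if [ $# -gt 0 ]; then audit_tomcat_tls "$1"; fi
```

Run it with the path to server.xml as its only argument; it prints one FAIL line per problem and exits non-zero if any check fails.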