Install SSL on Apache Tomcat (Windows server 2016)

 

Hi, Let us see installation of SSL on Windows server 2016.

Pre requisites:- 1. SSL .crt file
                          2. CA-Bundle file
                          3. Private key file (if present)
                          4. OpenSSL
                          5. JRE 1.8
                          6. Environment variables of 4 & 5 defined.

Steps:

1.     Copy and paste .crt file, CA-Bundle file and key file in on directory.

2.     Open command prompt with current directory as in step 1. Execute following command
>openssl pkcs12 –export –in domainname.com.crt –inkey domainname.pem –certfile domainbundle.file –out domainname.p12

3.     Then execute following command
> keytool –importkeystore –srckeystore domainname.p12 –srcstoretype PKCS12 –destkeystore domainname.keystore

4.     Once .keystore file is created, check the file by following command
>keytool –keylist –v –keylist domainname.keystore
The output should contain “Certificate[1]” and “Certificate key length: 4” fields. If these fields are not preset, something went wrong as certificate is not imported to keystore.

5.     Go to Apache Tomcat server configuration file (Server.xml). Add following lines


<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks"
keystorType="PKCS12" keystorePass="your_keystore_password" />

 

 In above lines, replace all the ‘key….’ Variables with appropriate ones.

 

 

What if Private key is missing?

1.     Go to Win+R --> mmc.exe --> OK --> File --> Add/Remove Snap-in --> Certificates --> Add --> Computer account --> Next --> Local computer --> Finish --> OK

2.     Then navigate to Certificate Enrollment Requests è Certificates (if the certificate request was not completed) or Personal è Certificates (if the certificate request was already completed) folder, right-click on the certificate entry and click All Tasks è Export to open the export wizard.

3.     As a result, you will receive a .pfx file containing the key. To get the key in plain text, you can convert the .pfx into PEM encoded files using tool here.

4.     Once these steps are successfully completed, place the .pem file in directory where all other required files are present.

Checkmark:-

            Once all of the above steps are completed successfully, restart the tomcat and check domain name in the browser. It will show SSL applied.

 

 

  • 0 Korisnici koji smatraju članak korisnim
Je li Vam ovaj odgovor pomogao?

Vezani članci

Cron Job scheduler

Setting Up a Cronjob in GPUonCLOUD Cloud Cronjob allows you to configure regularly scheduled...

GPUonCLOUD Dashboard Guide

This guide will help you with the basic information on GPUonCLOUD dashboard usage and  to get...

How to connect to Environment with FileZilla and Putty/SSH with Key

Hi, We will go through process of connecting to our environment via SSH and FTP with provided...

Build and Deploy Hooks

Hook is a term used to indicate a code insertion into some standard operation to provide...

How to Deploy Magento into GPUonCLOUD PHP Cloud

Magento is an extremely popular open source e-commerce service powered by PHP. It provides a...

Powered by WHMCompleteSolution