Hi, Let us see installation of SSL on Windows server 2016.
Pre requisites:- 1. SSL .crt file
2. CA-Bundle file
3. Private key file (if present)
4. OpenSSL
5. JRE 1.8
6. Environment variables of 4 & 5 defined.
Steps:
1. Copy and paste .crt file, CA-Bundle file and key file in on directory.
2. Open command prompt with current directory as in step 1. Execute following command
>openssl pkcs12 –export –in domainname.com.crt –inkey domainname.pem –certfile domainbundle.file –out domainname.p12
3. Then execute following command
> keytool –importkeystore –srckeystore domainname.p12 –srcstoretype PKCS12 –destkeystore domainname.keystore
4. Once .keystore file is created, check the file by following command
>keytool –keylist –v –keylist domainname.keystore
The output should contain “Certificate[1]” and “Certificate key length: 4” fields. If these fields are not preset, something went wrong as certificate is not imported to keystore.
5. Go to Apache Tomcat server configuration file (Server.xml). Add following lines
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks"
keystorType="PKCS12" keystorePass="your_keystore_password" />
In above lines, replace all the ‘key….’ Variables with appropriate ones.
What if Private key is missing?
1. Go to Win+R --> mmc.exe --> OK --> File --> Add/Remove Snap-in --> Certificates --> Add --> Computer account --> Next --> Local computer --> Finish --> OK
2. Then navigate to Certificate Enrollment Requests è Certificates (if the certificate request was not completed) or Personal è Certificates (if the certificate request was already completed) folder, right-click on the certificate entry and click All Tasks è Export to open the export wizard.
3. As a result, you will receive a .pfx file containing the key. To get the key in plain text, you can convert the .pfx into PEM encoded files using tool here.
4. Once these steps are successfully completed, place the .pem file in directory where all other required files are present.
Checkmark:-
Once all of the above steps are completed successfully, restart the tomcat and check domain name in the browser. It will show SSL applied.