Tomcat SSL Configuration in simple steps

  • September 3, 2018 11:38 PM

Introduction to SSL
Secure Sockets Layer (SSL) allows web browsers and web servers to communicate over a secured connection. With SSL, data is encrypted by one side, transmitted, and then decrypted by the other side before processing. This communication is a two-way process, meaning that both the server and the browser encrypt all traffic before sending out data.
PublicKey Certificate Diagram

Another important use of the SSL protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be.

Create New Keystore
To generate a keystore from the command prompt, open the command prompt as administrator, go to the bin folder in the Java installation directory, and use the command below -

JAVA_HOME\bin\keytool -genkey -alias [set alias_name] -keyalg RSA -keysize 2048 -keystore [jksfilename].jks

Press Enter and set a password. After setting the password, provide the information below to create a correct JKS file.

1. First name and last name - Here you set your website name; this becomes the Common Name (CN). For example - www.example-ssl.com.
2. Organizational unit - Here you need to set the Organizational Unit (OU). For example - IT.
3. Organization name - Here you need to set the Organization (O). For example - xyz pvt ltd.
4. City or Locality - Here you need to set the City (L). For example - Noida.
5. State or Province - Here you need to set the State (ST). For example - Uttar Pradesh or UP.
6. Country Code - Here you need to set the Country Code (C). For example - for India it will be IN.


After providing all of this information, enter yes if everything is correct; otherwise enter no, edit the information, and then enter yes.



Note - By default, the generated JKS file is saved in the JAVA_HOME\bin\ folder; you can also provide a different save location.
For example - JAVA_HOME\bin\keytool -genkey -alias [set alias_name] -keyalg RSA -keysize 2048 -keystore [d:/jksfile/jksfilename].jks

Generate a CSR from Your New Keystore
To generate a CSR file from the keystore, use the command below -

JAVA_HOME\bin\keytool -certreq -alias [alias_name] -file [csr.txt] -keystore [jksname].jks

Press Enter and type the same password that was set in step 1.
Share the CSR file with the System team; they will share either a certificate (root or local) or a .p7b file.


Note - By default, the generated CSR file is saved in the JAVA_HOME\bin\ folder; you can also provide a different save location.

For example - JAVA_HOME\bin\keytool -certreq -alias [alias_name] -file dirname/csr.txt -keystore [jksname].jks

Installing the SSL Certificates to the Keystore
To install the certificates, use the commands below -

1. keytool -import -alias [set root certificate alias] -keystore [your_jks_filename] -trustcacerts -file [your_root_certificate_filename]



2. keytool -import -alias [ set alias_name] -keystore [your_jks_filename] -file [your_trusted_certificate_filename]
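
The three steps above, run end to end without prompts, as an added example that is not part of the original page. A throwaway CA keystore stands in for the System team, and the alias, file names, password and CA name are constructed; the signed certificate is imported under the same alias that holds the private key, which is what lets keytool attach it to the key entry.

```powershell
# Added example. Alias, file names, password, DN and CA name are constructed.
# Assumes keytool is on PATH and prints English output.
$work = Join-Path $env:TEMP 'tomcat-ssl-demo'
Remove-Item $work -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $work | Out-Null
Push-Location $work

$pass     = 'demo-only-pass'   # on the command line for the demo; omit -storepass to be prompted
$keyAlias = 'tomcat'           # one alias for the key pair, the CSR and the signed certificate
$dn       = 'CN=www.example-ssl.com, OU=IT, O=xyz pvt ltd, L=Noida, ST=UP, C=IN'

function Invoke-Keytool {
    & keytool @args
    if ($LASTEXITCODE -ne 0) { throw "keytool failed: $args" }
}

try {
    # Step 1: key pair plus a self-signed placeholder certificate in the server keystore
    Invoke-Keytool -genkeypair -alias $keyAlias -keyalg RSA -keysize 2048 -dname $dn `
        -keystore server.jks -storepass $pass -keypass $pass
    # Step 2: CSR for that key
    Invoke-Keytool -certreq -alias $keyAlias -file csr.txt -keystore server.jks -storepass $pass

    # Stand-in for the System team: a throwaway CA signs the CSR
    Invoke-Keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -dname 'CN=Demo Root CA' `
        -ext bc:c -keystore ca.jks -storepass $pass -keypass $pass
    Invoke-Keytool -exportcert -alias ca -rfc -file root.cer -keystore ca.jks -storepass $pass
    Invoke-Keytool -gencert -alias ca -infile csr.txt -outfile server.cer -rfc `
        -keystore ca.jks -storepass $pass

    # Step 3: root certificate first, then the signed certificate under the key's own alias
    Invoke-Keytool -importcert -alias root -file root.cer -trustcacerts -noprompt `
        -keystore server.jks -storepass $pass
    Invoke-Keytool -importcert -alias $keyAlias -file server.cer `
        -keystore server.jks -storepass $pass

    # Check: the key entry must now carry the CA-signed chain, not the self-signed placeholder
    $listing = (Invoke-Keytool -list -v -alias $keyAlias -keystore server.jks -storepass $pass) -join "`n"
    if ($listing -notmatch 'Entry type: PrivateKeyEntry' -or
        $listing -notmatch 'Certificate chain length: 2') {
        throw "Signed certificate was not attached to the '$keyAlias' key entry"
    }
    ($listing -split "`n") | Select-String '^(Owner|Issuer):'
}
finally { Pop-Location }
```

If the last import were run with a new alias instead, keytool would store the signed certificate as a separate trusted entry, and the listing for the key alias would still show a chain length of 1 with Owner equal to Issuer.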




