Tuesday, March 1, 2022

Tomcat: Set Up an SSL Certificate on Tomcat

The steps to set up an SSL certificate on a Tomcat server

a) Requirements

1. The active certificate

  • intermediate certificate
  • certificate
  • private key

2. The tools

  • keytool
  • openssl

b) Configuration

1. Import the trusted certificates into the keystore - you MUST follow the steps below, in the order shown, to insert the certificates

#keytool -import -trustcacerts -alias AAACertificateServices -file AAACertificateServices.crt -keystore /usr/local/tomcat7/ssl/jsptomcat.keystore

#keytool -import -trustcacerts -alias USERTrustRSAAAACA -file USERTrustRSAAAACA.crt -keystore /usr/local/tomcat7/ssl/jsptomcat.keystore

#keytool -import -trustcacerts -alias SectigoRSADomainValidationSecureServerCA -file SectigoRSADomainValidationSecureServerCA.crt -keystore /usr/local/tomcat7/ssl/jsptomcat.keystore

#keytool -import -trustcacerts -alias CERT_domain.x.x -file CERT_domain.x.x.crt -keystore /usr/local/tomcat7/ssl/jsptomcat.keystore


2. Export the certificate and private key to a PKCS12 file

#openssl pkcs12 -export -in cert_unisel.edu.my.crt -inkey key_unisel.edu.my.key -name tomcat -out tomcat.p12

3. Import the PKCS12 file into the keystore and convert the keystore to PKCS12

#keytool -importkeystore -destkeypass unisel123 -destkeystore jsptomcat.keystore -srckeystore tomcat.p12 -srcstoretype PKCS12 -srcstorepass unisel123

#keytool -importkeystore -srckeystore jsptomcat.keystore -destkeystore jsptomcat.keystore -deststoretype pkcs12

4. Import the PKCS12 file into a JKS keystore

#keytool -importkeystore -destkeypass unisel123 -destkeystore jsptomcat.jks -srckeystore tomcat.p12 -srcstoretype PKCS12 -srcstorepass unisel123


5. Edit server.xml to make use of this certificate

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/usr/local/tomcat7/ssl/jsptomcat.jks"
               keystorePass="xxxxxx"
               clientAuth="false" sslProtocol="TLS" />

6. Save the server.xml and restart the Tomcat service

7. Test the domain. HTTPS should be active now.
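
The script below is an added example, not part of the original post. It checks that the private key belongs to the certificate before the PKCS12 export of step 2, reads the export password from a file instead of the command line (where it is visible in the process list and shell history), and reads the bundle back to confirm its contents. The function names, file names and sample password are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check for step 2.

# PEM public key carried by a certificate / derived from a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Return 0 only when KEY is the private key for CERT; 2 if a file is unreadable.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  local c k
  c=$(pubkey_of_cert "$1") || return 2
  k=$(pubkey_of_key "$2") || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build the PKCS12 bundle, refusing a mismatched pair. The password is read
# from the first line of PASSFILE, so it never shows up in the process list
# or in shell history.
build_p12() {  # usage: build_p12 CERT KEY PASSFILE OUT
  key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
  ( umask 077   # the bundle holds the private key: owner-only permissions
    openssl pkcs12 -export -in "$1" -inkey "$2" -name tomcat \
      -passout "file:$3" -out "$4" ) || return 1
  # Read the bundle back and confirm it carries the expected certificate.
  local got
  got=$(openssl pkcs12 -in "$4" -passin "file:$3" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
  [ -n "$got" ] && [ "$got" = "$(pubkey_of_cert "$1")" ]
}

# Constructed sample input: throwaway self-signed pairs in directory $1.
make_sample() {
  local n
  for n in site other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
      -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
  done
  printf '%s\n' 'constructed-sample-password' > "$1/pass.txt"
}

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_sample "$d" || exit 1
  build_p12 "$d/site.crt" "$d/site.key" "$d/pass.txt" "$d/tomcat.p12" && echo "bundle OK"
  build_p12 "$d/site.crt" "$d/other.key" "$d/pass.txt" "$d/bad.p12" || echo "mismatch rejected"
  rm -rf "$d"
fi
```

Run it with `--demo` to see both outcomes on the constructed sample; with real files, keep the password file owner-readable only.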
