Monday, 20 October 2014

Installing SSL Certificate on Linux Tomcat Server

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. With a secure web server, clients can connect to your server secure in the knowledge both that it is who it claims to be and that the transaction is well-encrypted so their data is safe.

  • Here are the few steps to install SSL Certificate.

1. First create a keystore file using below command.
keytool -genkey -alias domainname.com -keyalg RSA -keystore keystore.jks -keysize 2048

2.Generate an CSR(Certificate Signing Request).
keytool -certreq -alias domainname.com -keystore keystore.jks -file domainname.csr

3.Import root certificate.
keytool -import -alias root -keystore keystore.jks -trustcacerts -file root.crt

4. Import intermidiate certificate.
keytool -import -alias intermed -keystore keystore.jks -trustcacerts -file intermediate.crt

5. Install your certificate.
keytool -import -alias domainname.com -keystore keystore.jks -trustcacerts -file keystore.crt


  • Configuration of connector in Apache - In tomcat server.xml file, you have to add some parameters to the connector tag like SSLEnabled, Address, Keystore file, Password of keystore file etc.

<Connector port="443" protocol="HTTP/1.1" address="192.168.2.111" SSLEnabled="true"
maxThreads="500" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user/keystore_yuspeed.jks"
keystorePass="password" />

2 comments:

  1. helllo
    i have questions?
    Whats intermed? where am i supposed to get that?
    the ip address in the severl.xml where does it come from?

    thanks

    ReplyDelete
  2. SSL Certificates Provider , (secure socket layer) security is a must have for any online ecommerce website or any site which that wishes to accept payments. SSL certificates are a massive benefit to your website and your visiting customers.

    ReplyDelete