vicker313 tech blog

December 23, 2010

Setup SSL Certificate at Tomcat

Filed under: Server, Tomcat — vicker313 @ 9:12 am

This post shows how to install a CA-signed SSL certificate in the Tomcat service.

  1. Generate a key store file using the keytool utility (installed together with the JDK). It will prompt for a password for the key store file.
    keytool -genkey -alias <any alias name> -keyalg RSA -keystore <output file>
    For example:
    keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.key
  2. Generate a certificate request file.
    keytool -certreq -keyalg RSA -alias <alias> -file <output file> -keystore <keystore file>
    Example:
    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.key
  3. Then submit the certificate request to your CA. Normally you just need to submit the content of the request file.
  4. As a result you will get the content of the certificate. Copy the content and save it as a certificate file (for example tomcat.cer).
  5. For some CAs (like Thawte), you need to download the CA's trusted certificates from their website in order to complete the implementation (EV_Root.cer and EV_intermediate.cer).
  6. Finally, import the certificates into the key store file from step 1, CA certificates first, using the command below. The alias for your own certificate must be the one used in step 1.
    keytool -import -alias <alias name> -keystore <keystore file> -trustcacerts -file <certificate>
    For example:
    keytool -import -alias EV_Root -keystore tomcat.key -trustcacerts -file EV_Root.cer
    keytool -import -alias EV_intermediate -keystore tomcat.key -trustcacerts -file EV_intermediate.cer
    keytool -import -alias tomcat -keystore tomcat.key -trustcacerts -file tomcat.cer
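
A check worth running after step 6, as an added example that is not part of the original post: it reads `keytool -list -v` output and reports whether the alias from step 1 now holds the CA-signed chain or is still the self-signed certificate that `-genkey` created. The function name and both sample listings are constructed for illustration, and the listings are abbreviated.

```shell
#!/bin/sh
# Added example: classify one alias from `keytool -list -v` output read on stdin.
# Prints: ca-signed | no-chain | self-signed | trusted-only | missing
# Assumes keytool's English output labels.
keystore_alias_state() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^Alias name: / { in_alias = (tolower(substr($0, 13)) == want)
                          if (in_alias) found = 1
                          next }
        !in_alias       { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { len = substr($0, 27) + 0 }
        /^Owner: /  && owner == ""    { owner = substr($0, 8) }
        /^Issuer: / && issuer == ""   { issuer = substr($0, 9) }
        END {
            if (!found)                         print "missing"
            else if (type != "PrivateKeyEntry") print "trusted-only"
            else if (owner == issuer)           print "self-signed"
            else if (len < 2)                   print "no-chain"
            else                                print "ca-signed"
        }'
}

# Constructed sample: listing after all three imports in step 6 succeeded.
sample_after_import() {
    cat <<'EOF'
Alias name: ev_root
Entry type: trustedCertEntry
Owner: CN=Constructed Root CA
Issuer: CN=Constructed Root CA
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Constructed Intermediate CA
Certificate[2]:
Owner: CN=Constructed Intermediate CA
Issuer: CN=Constructed Root CA
EOF
}

# Constructed sample: listing right after step 1, before any CA reply is imported.
sample_before_import() {
    printf '%s\n' 'Alias name: tomcat' 'Entry type: PrivateKeyEntry' \
        'Certificate chain length: 1' 'Certificate[1]:' \
        'Owner: CN=www.example.com' 'Issuer: CN=www.example.com'
}
```

Against a real key store, pipe the listing in: `keytool -list -v -keystore tomcat.key | keystore_alias_state tomcat`. Anything other than `ca-signed` for the Tomcat alias means the CA reply did not replace the self-signed certificate in that key entry.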

Some references on retrieving the private key from the key store that you generated.
