SSL Certificates (Tomcat)

Samples | SSL Certificates (Tomcat)

Create a self-signed certificate
Verify the self-signed certificate
Configure Tomcat
Test the SSL Certificate

Create a self-signed certificate
Run the following command to create self-signed certificate: $ "${JAVA_HOME}/bin/keytool" -genkey \ -keyalg RSA \ -alias mtitek \ -keystore /opt/cert/keystore \ -dname "CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA" \ -keypass kp123456 \ -storepass sp123456 \ -validity 9999
Notes:
- CN: Common Name (First and last name)
- OU: Organizational Unit
- O: Organization
- L: City or Locality
- ST: State or Province
- C: two-letter country code
- storepass: keystore password (is used to access the keystore)
- keypass: key password (is used to access a certificate within the keystore)
Verify the self-signed certificate
Run the following command to verify that the certificate was created properly: $ "${JAVA_HOME}/bin/keytool" -list -v -keystore /opt/cert/keystore Enter keystore password: sp123456
Output: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: mtitek Creation date: 13-Oct-2015 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA Issuer: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA Serial number: 7eb0f60e Valid from: Sun Oct 13 08:50:26 EDT 2015 until: Wed Feb 27 07:50:26 EST 2043 Certificate fingerprints: MD5: 2F:33:F2:81:CD:FA:AA:C2:CB:3E:68:E3:E2:1E:93:90 SHA1: AD:94:5A:E1:23:8D:BA:CA:63:96:24:41:F1:26:9F:C4:2F:C4:C6:DE SHA256: AD:FE:78:B8:A7:D8:D4:2E:CF:F4:83:10:D8:24:56:39:7D:FB:5D:27:AF:21:F3:11:19:1B:73:38:9C:95:2C:94 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 0F E1 56 7B C8 0F 51 1A 8B 5C 1F 2D 6A 4A 68 46 ..V...Q..\.-jJhF 0010: BB FD 0F 2F .../ ] ] ******************************************* *******************************************
Configure Tomcat
Edit the file: "${TOMCAT_HOME}/conf/server.xml".

Add the https connector: <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/cert/keystore" keyAlias="mtitek" keystorePass="sp123456" keyPass="kp123456" />
Test the SSL Certificate
URL: https://localhost:8443