Certificate Installation: Java-based Webservers (e.g. Tomcat) using keytool
Adaugat de Ciprian COZOPLEAN, Last modified by on 15 Mar 2009 04:16 PM

Certificate Installation: Java-based Webservers (e.g. Tomcat) using keytool

Installing a Certificate Signing Request (CSR) with a Java-based Webserver such as Tomcat, using keytool

You will have received your certificate from us, a file typically named 'your_domain_com.crt' as well as the intermediate [download root & intermediate certificates from Root & Intermediate Certificates]. The root certificate [download root & intermediate certificates from Root & Intermediate Certificates] is also provided.

You need to copy these files to your server, and then move to the directory where the keystore that was used to generate the CSR is located. Then execute the commands below to install the certificates.

  1. Firstly, import the root certificate (called [download root & intermediate certificates from Root & Intermediate Certificates]), with the following command:
    keytool -import -trustcacerts -alias root -file [download root & intermediate certificates from Root & Intermediate Certificates] -keystore my_keystore.jks

    Replace the file 'my_keystore.jks' with the filename and path you wish to locate the keystore. Do this in all the commands below as well.



  2. Next import the intermediate certificate (called [download root & intermediate certificates from Root & Intermediate Certificates]), with the following command:
    keytool -import -trustcacerts -alias [download root & intermediate certificates from Root & Intermediate Certificates] -file [download root & intermediate certificates from Root & Intermediate Certificates] -keystore my_keystore.jks

    Repeat this command with any other intermediates certificates you received. [download root & intermediate certificates from Root & Intermediate Certificates]



  3. Finally, import the site certificate (the file with your domain in the filename), with the following command:
    keytool -import -trustcacerts -alias server -file your_domain_com.crt -keystore my_keystore.jks

    The 'server' alias should be the same alias name as you used when creating the CSR. For Tomcat servers, this should be 'tomcat'.



  4. The certificates are all installed in the keystore, and you can configure your software to use that keystore.
    To do this with Apache Tomcat, you can edit the 'server.xml' file.
    Open the file, and search for a line that looks like the below, replacing the parts hightlighted to match your keystore (port, keystoreFile and keypass):
    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
    enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my_keystore.jks" keypass="mykeystorepassword"/>
Notes:
If you do not enter an alias with the '-alias' command flag when generating the CSR, the default alias will be used, 'mykey'. Use this alias at step 3.

For Tomcat, change the '-alias server' to '-alias tomcat'
(245 vote(s))
Helpful
Not helpful

Comentarii (0)
Adauga un comentariu nou
 
 
Nume Complet:
Email:
Comentarii:
Verificarea CAPTCHA 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).