Import a Signed Certificate Into a New Key Store
Are you a software developer? Do you need to setup Tomcat with a secure connector using an existing signed certificate? If you follow the directions laid out in the post then you should be up and running quickly.
What you’ll need: #
- GNU/Linux Host
- Apache Tomcat Installation
- Root Access
- A Signed Certificate
- The Private Key File for the Signed Certificate
Create PKCS12 File #
First create a PKCS12 file using the signed certificate and key.
root@www0:~# openssl pkcs12 -export -in runbymany.com.crt -inkey runbymany.com.key -name *.runbymany.com -out runbymany.com.p12
Create KeyStore File #
Second, you will need to create a keystore using the signed certificate and key.
NOTE: Select a value for PASSWORD and remember it.
root@www0:~# keytool -importKeyStore -deststorepass PASSWORD -destkeystore runbymany.com.jks -srckeystore runbymany.com.p12 -srcstoretype PKCS12
Update Server.xml and Restart Tomcat #
Finally, you will need to update your server.xml with the new configuration (remember to substitute PASSWORD with what you used previously and to change PATH_TO_TOMCAT to the installation directory of Apache Tomcat):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="1000" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="PATH_TO_TOMCAT/conf/runbymany.com.jks"
keystorePass="PASSWORD" clientAuth="false" sslProtocol="TLS" maxPostSize="97589953"
URIEncoding="UTF-8" tcpNoDelay="true" enableLookups="false" disableUploadTimeout="true"
acceptCount="100" minSpareThreads="20" emptySessionPath="true" maxHttpHeaderSize="8192"/>