Installing SSL certificate on Tomcat

Recently I installed an SSL certificate on Tomcat. I thought the information below might be helpful for others installing an SSL certificate on Tomcat. There are two ways of installing an SSL certificate in Tomcat:

  • CA gives only certificate against CSR.
  • CA gives you certificate and private key.

CA gives only certificate against CSR

In this scenario, you create a CSR using the JDK keytool and send the CSR file to the CA (Certificate Authority). The CA then gives you the certificate to import. You need to perform the two steps below:

  • Download the chain certificate from the CA where you obtained the certificate and import it into a new keystore with the following command:
keytool -import -alias root -keystore <your_keystore_filename> \
                        -trustcacerts -file <filename_of_the_chain_certificate>
  • Import the CA-provided certificate into the same keystore as used above:
keytool -import -alias tomcat -keystore <your_keystore_filename> \
                        -trustcacerts -file <your_certificate_filename>

CA gives you certificate and private key

In this scenario the CA provides you with two things, i.e. the private key and the certificate. You need to perform the two steps below:

  • Download the chain certificate from the CA where you obtained the certificate.
  • You now have three things, namely the private key, the certificate and the chain certificate. Use the following command to make your keystore:
openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
                        -out mycert.p12 -name tomcat -CAfile myCA.crt \
                        -caname root -chain
If OpenSSL is not installed, a Windows build is available at http://www.slproweb.com/products/Win32OpenSSL.html
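
An added example (not from the original post): a shell wrapper around the export command above that first confirms the private key matches the certificate and that the certificate chains to the CA file, then counts what ended up in the keystore. The function names, the `P12_PASS` variable and the throwaway demo CA are assumptions made for illustration; the file names follow the command above.

```sh
#!/bin/sh
# Added example: checks to run around the page's "openssl pkcs12 -export" step.
# Assumes an unencrypted PEM private key; keystore password is read from $P12_PASS.

# Exit 0 only when the private key and the certificate hold the same public key.
key_matches_cert() {   # key_matches_cert <key> <cert>
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$kmc_key" = "$kmc_crt" ]
}

# Build the keystore only if the key matches and the certificate chains to the CA file.
build_tomcat_p12() {   # build_tomcat_p12 <key> <cert> <ca-chain> <out.p12>
  key_matches_cert "$1" "$2" ||
    { echo "private key does not match certificate" >&2; return 1; }
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
    { echo "certificate does not chain to $3" >&2; return 1; }
  openssl pkcs12 -export -in "$2" -inkey "$1" -out "$4" -name tomcat \
    -CAfile "$3" -caname root -chain -passout env:P12_PASS
}

# Count the certificates stored in the keystore (server certificate plus chain).
p12_cert_count() {   # p12_cert_count <file.p12>
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed throwaway CA, server key/certificate and an unrelated key (demo only).
make_demo_material() {   # make_demo_material <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/myCA.key" -out "$1/myCA.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$1/mykey.key" -out "$1/mycert.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/mycert.csr" -days 1 -CA "$1/myCA.crt" \
    -CAkey "$1/myCA.key" -CAcreateserial -out "$1/mycert.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo on the constructed files; "changeit" is a sample password.
demo_dir=$(mktemp -d) && make_demo_material "$demo_dir"
P12_PASS=changeit; export P12_PASS
build_tomcat_p12 "$demo_dir/mykey.key" "$demo_dir/mycert.crt" \
  "$demo_dir/myCA.crt" "$demo_dir/mycert.p12" &&
  echo "certificates in keystore: $(p12_cert_count "$demo_dir/mycert.p12")"
build_tomcat_p12 "$demo_dir/other.key" "$demo_dir/mycert.crt" \
  "$demo_dir/myCA.crt" "$demo_dir/bad.p12" || echo "mismatched key rejected"
rm -rf "$demo_dir"
```

Reading the password from the environment with `env:P12_PASS` keeps it out of the process list, unlike a `pass:` argument on the command line.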