Tomcat Cert Generation
First we generate an RSA key pair and a self-signed certificate for the Tomcat instance (keytool -genkey creates both in one step and stores them under the alias "tomcat"). Add -keysize 2048 to the command rather than relying on the JDK default, which was 1024 bits on older releases:
tomcat@achtung:~$ keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -keystore $HOME/.keystore
Enter keystore password:
What is your first and last name?
[Unknown]: achtung
What is the name of your organizational unit?
[Unknown]: telco
What is the name of your organization?
[Unknown]: telco
What is the name of your City or Locality?
[Unknown]: cambridge
What is the name of your State or Province?
[Unknown]: worcestershire
What is the two-letter country code for this unit?
[Unknown]: en
Is CN=achtung, OU=telco, O=telco, L=cambridge, ST=worcestershire, C=en correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
tomcat@achtung:~$
The last prompt asks whether the private key should get its own password. Reusing the keystore password is less secure, so pick according to the security level you need; if you do choose a different key password, Tomcat must be told about it with the keyPass attribute on the Connector, otherwise it cannot unlock the key. Two details from the answers above are worth checking before you accept the DN: the CN should be the host name clients will actually use for the HTTPS URL, and the country field is meant to hold an ISO 3166 code (GB for the United Kingdom). keytool does not validate it, so "en" ends up in the certificate exactly as typed.
Check that the new entry has been written to the keystore:
tomcat@achtung:~$ keytool -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Jan 18, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): KK:D9:7A:KK:30:57:DC:E9:KK:89:59:B8:89:6C:BD:KK
Now we point the HTTPS connector in CATALINA_HOME/conf/server.xml at the keystore. keystoreFile must be the absolute path of the file created above (here the tomcat user's home is /usr/tomcat), and since keystorePass is stored in clear text, keep server.xml readable only by the Tomcat user:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/tomcat/.keystore" keystorePass="changeme"/>
This connector is commented out by default in server.xml; remove the surrounding <!-- --> to enable it.
Now restart Tomcat (shutdown.sh && startup.sh from CATALINA_HOME/bin) and check the Tomcat log and the listening ports:
Jan 18, 2012 5:44:03 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
tomcat@achtung:~$ netstat -tnlp | grep 8443
tcp6 0 0 :::8443 :::* LISTEN 6023/java
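The whole procedure above can be scripted so it is repeatable and does not depend on answering prompts by hand. The script below is an added example, not part of the original page or of Tomcat itself: it generates the keystore non-interactively with an explicit 2048-bit key, a SHA-256 signature and a subjectAltName matching the CN, restricts the keystore file to its owner, then verifies the alias and the listening port. The alias "tomcat", host name "achtung", keystore path and the two passwords are placeholders taken from the page or assumed here; replace them for a real deployment.

```shell
#!/bin/sh
# Added example (not from the original page): scripted version of the
# keytool / server.xml procedure, with stronger explicit parameters.
# Assumptions: the tomcat user's home is /usr/tomcat as in server.xml,
# the alias is "tomcat" and the passwords below are placeholders.

KEYSTORE="${KEYSTORE:-$HOME/.keystore}"
STOREPASS="${STOREPASS:-changeme}"     # must match keystorePass in server.xml
KEYPASS="${KEYPASS:-$STOREPASS}"       # if different, set keyPass in server.xml
ALIAS="${ALIAS:-tomcat}"
CN="${CN:-achtung}"                    # host name clients will use in the URL

# Generate the key pair and self-signed certificate without prompts.
# -dname answers the DN questions (C is a real ISO 3166 code here),
# -keysize/-sigalg avoid weak JDK defaults, and the SAN extension is what
# modern clients actually match against, not the CN.
gen_keystore() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 3650 -storetype JKS \
        -dname "CN=$CN, OU=telco, O=telco, L=Cambridge, ST=Worcestershire, C=GB" \
        -ext "SAN=dns:$CN" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$KEYPASS" \
        || return 1
    # The keystore holds the private key: owner-only access.
    chmod 600 "$KEYSTORE"
}

# Return 0 if the given alias exists in the keystore (keytool exits
# non-zero when the alias is missing or the password is wrong).
keystore_has_alias() {
    keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$1" >/dev/null 2>&1
}

# Return 0 if the keystore file is readable only by its owner.
keystore_is_private() {
    [ "$(ls -l "$KEYSTORE" | cut -c1-10)" = "-rw-------" ]
}

# Return 0 if something is listening on the given TCP port (ss or netstat).
port_listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -tln | awk '{print $4}' | grep -q ":$1\$"
    else
        netstat -tln | awk '{print $4}' | grep -q ":$1\$"
    fi
}

# Stand-alone run: create the keystore, then report the checks.
if [ "${1:-}" = "run" ]; then
    gen_keystore && echo "keystore written to $KEYSTORE"
    keystore_has_alias "$ALIAS" && echo "alias $ALIAS present"
    keystore_is_private && echo "keystore permissions ok"
    port_listening 8443 && echo "port 8443 listening" || echo "port 8443 not listening (start Tomcat first)"
fi
```

Run it as `sh tomcat-keystore.sh run` as the tomcat user before restarting Tomcat; the port check is expected to fail until the connector is enabled and Tomcat has been restarted. The certificate is still self-signed, so clients will warn until it is replaced with one signed by a CA they trust.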
page revision: 4, last edited: 08 Jun 2018 10:47