Tomcat SSL证书问题

Question

I havre a AD issued Cert to bind to TomCat SSL Install.

I create the keystore/import the certificate:

keytool -import -alias stan -file myadcert.cer -keystore webserverkeystore

• Configured SSL Connector referencing Keystore

List item

Restart the TomCat service

When i go to the certs FQDN/webapp.html - i get nothing.

Why is this?

There is talk of converting the .cer cert to a jks? Also that there is the need to install a root cert or intermediate cert is it?

Does anyone know how this is made simple. I have gone through the documentation and it is really not very clear having followed the steps carefully.

Would be grateful for any help.

Thanks

Answer 1

You started by generating a keypair in the KeyStore.

You then generated a CSR.

You then had the CSR signed and obtained a signed certificate.

You now have to import the certificate into the same KeyStore, using the same alias you started with , and without the -trustcacerts option.

Answer 2

there are various types of certificates - domain, root, bundle_ca
So you need to include all of them in your JKS (java key store)

     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
        scheme="https" secure="true" clientAuth="false" 
        sslProtocol="TLS"
        keystoreType="PKCS12" 
        keystoreFile="/conf/certificate/tomcatm.p12" 
        keystorePass="password" 
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_25‌​6_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />

this is what i did and it worked with great.

hope you have also done the following
1. mapped the namedserver to the domain
2. changed the A records in DNS
3. domain is working in non https mode (to just confirm)
4. restart the tomcat after mapping the JKS , Certificates url in server.xml

good luck