
Tomcat SSL Cert Issue

I have an AD-issued cert to bind to the Tomcat SSL install.

I create the keystore/import the certificate:

    keytool -import -alias stan -file myadcert.cer -keystore webserverkeystore

  • Configured SSL Connector referencing Keystore

Restart the TomCat service

When I go to the cert's FQDN/webapp.html, I get nothing.

Why is this?

There is talk of converting the .cer cert to a JKS? Also, that there is a need to install a root cert or intermediate cert, is it?

Does anyone know how this is made simple? I have gone through the documentation and it is really not very clear, having followed the steps carefully.

Would be grateful for any help.

Thanks

You started by generating a keypair in the KeyStore.

You then generated a CSR.

You then had the CSR signed and obtained a signed certificate.

You now have to import the certificate into the same KeyStore, using the same alias you started with, and without the -trustcacerts option.

There are various types of certificates: domain, root, bundle_ca.
So you need to include all of them in your JKS (Java key store).

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS"
               keystoreType="PKCS12"
               keystoreFile="/conf/certificate/tomcatm.p12"
               keystorePass="password"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,
                        SSL_RSA_WITH_RC4_128_SHA" />

This is what I did and it worked great.

Hope you have also done the following:
1. mapped the namedserver to the domain
2. changed the A records in DNS
3. domain is working in non-HTTPS mode (just to confirm)
4. restart Tomcat after mapping the JKS, certificates URL in server.xml


good luck
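
The sequence the first answer describes (key pair, CSR, signed reply imported under the same alias), with the root imported first as the second answer suggests, shown as an added example that is not part of either answer. It also repeats the question's certificate-only import so the two keystores can be compared. The password, aliases, DNs, file names and the throwaway CA standing in for the AD CA are assumptions.

```shell
#!/bin/sh
# Added example. Constructed for the demo: password, aliases, DNs, file
# names, and the throwaway CA that stands in for the AD CA.
set -e
PASS=changeit

kt() { keytool -J-Duser.language=en "$@" -storetype PKCS12 -storepass "$PASS"; }
q()  { kt "$@" >/dev/null 2>&1; }

# Entry type of an alias: PrivateKeyEntry (key plus certificate chain, what a
# TLS connector needs) or trustedCertEntry (certificate only, no private key).
entry_type() {
  kt -list -v -keystore "$1" -alias "$2" 2>/dev/null | sed -n 's/^Entry type: //p'
}

# Number of certificates chained to the alias's private key.
chain_length() {
  kt -list -v -keystore "$1" -alias "$2" 2>/dev/null |
    sed -n 's/^Certificate chain length: //p'
}

build_demo() {
  d=$1
  new="-keyalg RSA -keysize 2048 -validity 30 -keypass $PASS"
  # Stand-in for the AD CA: self-signed CA key pair and its exported cert.
  q -genkeypair $new -alias ca -dname "CN=Demo Root CA" -ext bc:c -keystore "$d/ca.p12"
  q -exportcert -rfc -alias ca -keystore "$d/ca.p12" -file "$d/ca.pem"
  # 1. Key pair generated inside the keystore the server will use.
  q -genkeypair $new -alias tomcat -dname "CN=web.example.test" -keystore "$d/good.p12"
  # 2. CSR for that key pair.
  q -certreq -alias tomcat -keystore "$d/good.p12" -file "$d/web.csr"
  # 3. The CA signs the CSR.
  q -gencert -rfc -alias ca -validity 30 -keystore "$d/ca.p12" -infile "$d/web.csr" -outfile "$d/web.pem"
  # 4. Root first, then the signed reply under the SAME alias as the key pair.
  q -importcert -noprompt -alias root -file "$d/ca.pem" -keystore "$d/good.p12"
  q -importcert -noprompt -alias tomcat -file "$d/web.pem" -keystore "$d/good.p12"
  # The question's approach: certificate imported alone into a fresh keystore.
  q -importcert -noprompt -alias stan -file "$d/web.pem" -keystore "$d/bad.p12"
}

if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  build_demo "$d"
  echo "key pair + reply: $(entry_type "$d/good.p12" tomcat), chain $(chain_length "$d/good.p12" tomcat)"
  echo "cert only:        $(entry_type "$d/bad.p12" stan)"
fi
```

An alias that reports trustedCertEntry holds no private key, so a connector pointed at that keystore has nothing to present as its server certificate.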
