I havre a AD issued Cert to bind to TomCat SSL Install.
I create the keystore/import the certificate:
keytool -import -alias stan -file myadcert.cer -keystore webserverkeystore
List item
Restart the TomCat service
When i go to the certs FQDN/webapp.html - i get nothing.
Why is this?
There is talk of converting the .cer cert to a jks? Also that there is the need to install a root cert or intermediate cert is it?
Does anyone know how this is made simple. I have gone through the documentation and it is really not very clear having followed the steps carefully.
Would be grateful for any help.
Thanks
You started by generating a keypair in the KeyStore.
You then generated a CSR.
You then had the CSR signed and obtained a signed certificate.
You now have to import the certificate into the same KeyStore, using the same alias you started with , and without the -trustcacerts
option.
there are various types of certificates - domain, root, bundle_ca
So you need to include all of them in your JKS (java key store)
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS"
keystoreType="PKCS12"
keystoreFile="/conf/certificate/tomcatm.p12"
keystorePass="password"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
this is what i did and it worked with great.
hope you have also done the following
1. mapped the namedserver to the domain
2. changed the A records in DNS
3. domain is working in non https mode (to just confirm)
4. restart the tomcat after mapping the JKS , Certificates url in server.xml
good luck
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.