On 8/2/18, 9:05 AM, Venkataraman Srinivasan wrote:
> I used the command below to create a certificate locally.
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/apache-tomcat-8.5.32/keystore

Ok. Probably the first thing you need to do is set up your connector to
use that keystore. If it's a Java Keystore, then presumably you will be
using the native/JSSE connector; the other one is for OpenSSL. And there
are plenty of web resources explaining that process in detail. This is
the one I keep bookmarked for reference:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Once you have the connector working, if you want your server to be
trusted by strangers, then you need to get that keystore signed.

Using Keytool (or some other utility, like KeyStore Explorer on a
Macintosh), you need to generate a Certificate Signing Request for your
keystore.

You would then choose a Certificate Authority, and buy a certificate. At
some point in the process, you will be asked to upload the CSR. You
might also be asked to provide some sort of proof that you have control
over the domain.

Once the certificate is issued, you would then import the reply, along
with one or more supporting certificates (collectively, a "certificate
chain") into your keystore, again using either Keytool or some more
user-friendly utility, and then plug the signed keystore into your
server. The Certificate Authority, if it's a major one, will probably
have detailed instructions specific to Tomcat.

--
JHHL
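
The CSR, reply and chain-import sequence described in the reply above, as an added example that is not part of the original message. A throwaway root created with keytool stands in for the commercial Certificate Authority so the sequence can be run offline; the hostname, password, file names and the `root` alias are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hostname, password and the local "root" CA are constructed.
set -eu
PASS=changeit            # sample password only, do not reuse
HOST=www.example.test    # sample hostname
kt() { keytool -J-Duser.language=en "$@" -storepass "$PASS"; }

# 1. Key pair in the server keystore (same alias as the original command).
make_server_key() {      # $1 = server keystore
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$HOST" -keypass "$PASS" -keystore "$1"
}

# 2. The CSR that gets uploaded to the Certificate Authority.
make_csr() {             # $1 = server keystore, $2 = CSR output file
    kt -certreq -alias tomcat -ext "SAN=dns:$HOST" -file "$2" -keystore "$1"
}

# Stand-in for the CA (assumption: a real CA does this on its own systems
# and sends back the reply plus its root/intermediate certificates).
fake_ca_sign() {         # $1 = CA keystore, $2 = CSR, $3 = reply, $4 = root cert
    kt -genkeypair -alias root -keyalg RSA -keysize 2048 -ext bc=ca:true \
        -dname "CN=Constructed Test Root" -keypass "$PASS" -keystore "$1"
    kt -gencert -alias root -rfc -ext "SAN=dns:$HOST" \
        -infile "$2" -outfile "$3" -keystore "$1"
    kt -exportcert -alias root -rfc -file "$4" -keystore "$1"
}

# 3. Import the supporting certificate(s) first, then the reply under the
#    SAME alias as the private key so keytool attaches the chain to it.
import_chain() {         # $1 = server keystore, $2 = root cert, $3 = reply
    kt -importcert -noprompt -alias root -file "$2" -keystore "$1"
    kt -importcert -alias tomcat -file "$3" -keystore "$1"
}

# Check: 1 while self-signed, 2 once the reply and root are installed.
chain_length() {         # $1 = server keystore
    kt -list -v -alias tomcat -keystore "$1" |
        sed -n 's/^Certificate chain length: //p'
}

run_demo() {
    d=$(mktemp -d)
    make_server_key "$d/server.ks"
    make_csr "$d/server.ks" "$d/tomcat.csr"
    fake_ca_sign "$d/ca.ks" "$d/tomcat.csr" "$d/reply.pem" "$d/root.pem"
    import_chain "$d/server.ks" "$d/root.pem" "$d/reply.pem"
    echo "chain length: $(chain_length "$d/server.ks")"
}
if [ "${1:-}" = demo ]; then run_demo; fi
```

Run it with the argument `demo` to execute all steps in a temporary directory. With a real CA, only steps 1 to 3 apply, and any intermediate certificates are imported under their own aliases before the reply.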