Here are the steps for installing an SSL cert (it varies slightly based
on who your certificate authority [CA] is):

Generate a CSR with keytool (it must be keytool despite what the
tomcat docs say since for whatever reason it refuses to import from
any other SSL tool):

keytool -keystore clientkeystore -genkey -alias mykey

Submit the above to your CA (they will give you directions on how to
submit it) and have them issue a signed cert for it

The signed cert usually comes with some intermediate files (this is
the part that varies by CA) which you have to apply in order to the
keystore (the following is the set of files I use):

keytool -noprompt -importcert -alias AAACertificateServices \
        -file AAACertificateServices.crt -keystore sslStore

keytool -importcert -trustcacerts -keystore sslStore \
        -file USERTrustRSAAAACA.crt -alias USERTrustRSAAAACA

keytool -importcert -trustcacerts -keystore sslStore \
        -file /SectigoRSAOrganizationValidationSecureServerCA.crt \
        -alias SectigoRSAOrganizationValidationSecureServerCA

keytool -importcert -trustcacerts -alias mykey \
        -file 1008013344repl_2.crt -keystore sslStore
(the alias *MUST* match the alias of the CSR you submitted to the CA)

Modify the tomcat server.xml to uncomment the right https line in
the config and tell it where to find the sslStore (some OSes force you
to put it in $TOMCAT_HOME)... for example I do the following:

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/local/apache-tomcat-9.0/keystore"
           keystorePass="mySuperSecretPassword"
           clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>

Restart tomcat and you should have SSL now if you go to https. If you
are on port 8080 you will likely want to put in 8443, not 443.


References:
https://docs.oracle.com/cd/E19509-01/820-3503/ggezu/index.html


On Mon, Jul 18, 2022 at 8:11 AM Jasmin Ćatić <jasmin.cati...@gmail.com> wrote:
>
> Now I have another setback.
> I have my tomcat running on the domain name www.mydomain.com and I have an
> SSL certificate on this domain (CA_BUNDLE, Certificate and Key) in my
> CPanel.
> How to configure Tomcat to use this SSL and HTTPS protocol.
>
> Thanks again for your help
>
> On Mon, Jul 18, 2022 at 08:24 Jasmin Ćatić <jasmin.cati...@gmail.com> wrote:
>
> > Thank you very much. I have done it successfully.
> > Best regards
> > JC
> >
> > On Sun, Jul 17, 2022 at 09:08 Thomas Hoffmann (Speed4Trade GmbH)
> > <thomas.hoffm...@speed4trade.com.invalid> wrote:
> >
> >> Hello,
> >>
> >> > -----Original Message-----
> >> > From: Aryeh Friedman <aryeh.fried...@gmail.com>
> >> > Sent: Sunday, July 17, 2022 08:43
> >> > To: Tomcat Users List <users@tomcat.apache.org>
> >> > Subject: Re: Publishing Tomcat webapp
> >> >
> >> > On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman
> >> > <aryeh.fried...@gmail.com>
> >> > wrote:
> >> > > Once you have it pointing to that domain just upload the war file to
> >> > > it and give people the link.
> >> >
> >> > Small wording correction... I mean upload the war file as being a part
> >> > of the webapp and/or a part of another webapp you have for downloading...
> >> > take a look at the download section of the site I list in my signature.
> >> >
> >> > --
> >> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> >>
> >> Usually you need 2 things:
> >> 1) A webserver or webspace. This includes a public IP address
> >> 2) A domain. You can buy it online.
> >>
> >> When you own a domain, you have access to the DNS settings. Create an
> >> A-Record with the domain-name and point it to the IP address of your
> >> server.
> >> If an A-record already exists, modify it to point to the IP address of
> >> the server.
> >>
> >> Install tomcat on the webserver and install your web-application.
> >> Tomcat listens per default on all ports, so no special configuration
> >> needed (only if you host multiple domains on that server).
> >>
> >



-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
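
A check for the keystore procedure at the top of this message, as an added example that is not part of the original thread: it reads `keytool -list -v` output and reports whether the alias that generated the CSR actually received the signed reply and its chain. The sample listing and the alias `tomcat` are constructed for illustration; `mykey`, `sslStore` and the CA alias are the names used in the message.

```shell
#!/bin/sh
# Added example (not from the thread): verify the result of the import steps.
# check_alias ALIAS reads `keytool -list -v` text on stdin and prints one of:
#   ok:N          PrivateKeyEntry carrying a chain of N certs (signed reply installed)
#   self-signed   PrivateKeyEntry whose chain length is still 1 (reply not installed)
#   trusted-only  alias is a trustedCertEntry; for the server alias this means the
#                 reply went in under an alias that held no private key
#   missing       alias not present in this keystore
check_alias() {
    awk -v want="$1" '
        BEGIN { w = tolower(want) }   # case-insensitive: keytool may list aliases in lower case
        /^Alias name: / { cur = tolower(substr($0, 13)); next }
        cur == w && /^Entry type: /               { type = substr($0, 13) }
        cur == w && /^Certificate chain length: / { len = substr($0, 27) + 0 }
        END {
            if (type == "")                     print "missing"
            else if (type != "PrivateKeyEntry") print "trusted-only"
            else if (len < 2)                   print "self-signed"
            else                                print "ok:" len
        }'
}

# Constructed sample, trimmed to the kind of lines `keytool -list -v` prints.
SAMPLE_LISTING='Keystore type: PKCS12
Your keystore contains 3 entries

Alias name: usertrustrsaaaaca
Creation date: Jul 18, 2022
Entry type: trustedCertEntry

Alias name: mykey
Creation date: Jul 18, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 4

Alias name: tomcat
Creation date: Jul 18, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1'

# Real use (keytool prompts for the store password):
#   keytool -list -v -keystore sslStore | check_alias mykey
printf '%s\n' "$SAMPLE_LISTING" | check_alias mykey
```

Anything other than `ok:N` for the server alias means Tomcat would serve the self-signed placeholder or fail to find a key, so run the check before restarting.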
