How to Move SSL certificate from Apache to Tomcat
https://www.sslsupportdesk.com/how-to-move-ssl-certificate-from-apache-to-tomcat/
Apache uses x509 pem/crt files which is is very different than a Tomcat system that uses keystores. You will follow these steps to copy, convert, and move the working Apache certificate to the Tomcat server.
Both Apache and Tomcat are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions.
We will start by assuming that you have already successfully installed the SSL certificate on the Apache web server.
Step 1: Finding/converting your SSL certificate and key file on Apache:
- Referencing the httpd.conf or ssl.conf file on the Apache system look for the location and directories of the three files necessary.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateFile tells Apache how to find the the SSL certificate file. - SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateKeyFile tells Apache how to find the private key file. - SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
- Copy the three files located within these directories into one location.
- Using OpenSSL on the Apache system you will perform the following command line conversion.
Note: you will be prompted for a password.openssl
pkcs12 -export -in public.crt -inkey private.key -out mycert.p12 -name
tomcat -CAfile intermediate.crt -caname intermediate -chain - The exported keystore will be ‘mycert.p12‘ and will be ready for you to migrate to the Tomcat server.
Step 2: Configuring SSL in Tomcat with your keystore:
- On the Tomcat server search and open the Tomcat server.xml file.
- Open the server.xml config file using a text editor (ie. JAKARTA_HOME/conf/server.xml)
Search for the secure element in your config file (try searching
for SSL Connector). By default it should look something like this:
- Change the following attributes to reference the location, name, and password of your keystore.
- keystoreFile=”c:\PATH TO mycert.p12”
- keystorePass=”password of mycert.p12”
- Add The following line under KeystorePass=
- keystoreType=”PKCS12″
- Save the changes.
- Stop and Start Tomcat.Your SSL Certificate/Keystore is now installed, and the website is now configured.
Note: PKCS12 keystore type is only supported with Tomcat JDK 1.5.x+
If unsuccessful you will have to
convert your mycert.p12 file to a .jks file by performing the following
command line in Tomcat using keytool.
keytool -importkeystore -srckeystore mycert.p12 -srcstoretype PKCS12 -destkeystore mycert.jks
If this fails and you cannot get
Tomcat to use the Apache converted keystore you will need to generate a
new keystore and CSR from the Tomcat System and reissue your certificate
to be used on the Tomcat system.
Tomcat Support
For more information refer to Tomcat
How to Move SSL certificate from Apache to Tomcat的更多相关文章
- How To Create a SSL Certificate on Apache for CentOS 6
About Self-Signed Certificates 自签证书.一个SSL证书,是加密网站的信息,并创建更安全的链接的一种方式.附加地,证书可以给网站浏览者显示VPS的的身份证明信息.如果一个 ...
- How To Set Up Apache with a Free Signed SSL Certificate on a VPS
Prerequisites Before we get started, here are the web tools you need for this tutorial: Google Chrom ...
- SSL certificate problem unable to get local issuer certificate解决办法
SSL certificate problem unable to get local issuer certificate 解决办法: 下载:ca-bundle.crt 将它放在自己的wamp或者x ...
- Centos 64位 Install certificate on apache 即走https协议
Centos 64位 Install certificate on apache 即走https协议 一: 先要apache 请求ssl证书的csr 一下是步骤: 重要注意事项 An Importan ...
- Failed to connect to VMware Lookup Service……SSL certificate verification failed
今天登陆vsphere web-client时候,报错如下: Failed to connect to VMware Lookup Service https://vc-test.cebbank.co ...
- How to disable SSL certificate checking with Spring RestTemplate?(使用resttemplate访问https时禁用证书检查)
How to disable SSL certificate checking with Spring RestTemplate?(使用resttemplate访问https时禁用证书检查) **** ...
- 使用Letsencrypt做SSL certificate
为什么要使用Letsencrypt做SSL certificate? 最简单直接的原因是免费.但是免费存在是否靠谱的问题,尤其是对安全要求比较高的网站,需要考虑使用letsencrypt的安全性是否符 ...
- Configure custom SSL certificate for RDP on Windows Server 2012 in Remote Administration mode
Q: So the release of Windows Server 2012 has removed a lot of the old Remote Desktop related configu ...
- (转)How to renew your Apple Push Notification Push SSL Certificate
转自:https://blog.serverdensity.com/how-to-renew-your-apple-push-notification-push-ssl-certificate/ It ...
随机推荐
- 如何通过submit提交form表单获取后台传来的返回值
版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/qq_34651764/article/details/76373846 小伙伴是不是遇到过这样的问题 ...
- sitecore-CMS
安装sitecore数据库和客户端到本机 (提前先装好数据库和IIS) 安装教程下载:http://download.csdn.net/detail/qq1162195421/6436799 安装 ...
- python request 代理/超时/证书
import requests headers = { "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) A ...
- 常规容器下SpringBootServletInitializer如何实现web.xml作用解析
在之前的<使用jsp作为视图模板&常规部署>章节有过一个实践,需要启动类继承自SpringBootServletInitializer方可正常部署至常规tomcat下,其主要能够起 ...
- 【33.33%】【codeforces 586D】Phillip and Trains
time limit per test1 second memory limit per test256 megabytes inputstandard input outputstandard ou ...
- python3第一天学习(数据类型)
参考blog地址:http://www.cnblogs.com/wupeiqi/articles/5444685.html,然后根据上面知识点练习并总结. 一.数字(int) 1.数字类型说明 在 ...
- Java带参数的线程类ParameterizedThread——即如何给Thread传递参数
在Java中似乎没有提供带运行参数的线程实现类,在第三方类库中也没有找到.网上有大量的文章在讨论这个问题,但都没有提供很好的代码封装解决方案,这令我很吃惊.如果读者知道有官方或者第三方的实现方式,欢迎 ...
- IComparable与排序
IComparable:一种特定于类型的通用比较方法,值类型或类通过实现此方法对特认定进行排序. IComparable的作用是提供了一种比较两个对象的特定类型的方法.这是必需的如果您想要为对象提供任 ...
- 使用nfs映射远程服务器磁盘目录
参考:http://www.centoscn.com/CentosSecurity/SoftSecurity/2015/0408/5118.html http://www.cnblo ...
- Expression.Blend.4 Chapter 图片和视频的使用
原文:Expression.Blend.4 Chapter 图片和视频的使用 翻译的地方可能有错误,欢迎大家指正.但是里面每一个程序都是亲自测试过,并加了点自己的看法. 我翻译的是Expression ...