Thursday, 15 September 2022

STEPS TO CONFIGURE SSL ON APACHE TOMCAT


Assumptions 

JAVA Location = C:\java\jre1.8.0_301\bin\keytool

Apache Location = E:\ApacheSoftware\Tomcat9.0

Temporary directory to create the CSR and JKS = C:\Softwares\SSLConfig


Step 1 - Creating the Keystore

Syntax : $JAVA_HOME/bin/keytool -genkey -alias [youralias] -keyalg RSA -keystore [/preferred/keystore/path]

Example : C:\java\jre1.8.0_301\bin\keytool -genkey -alias xxx.mcb.com.kw -keyalg RSA -keysize 2048 -keystore C:\Softwares\SSLConfig\mcb_xxx.jks

Example session :-

Enter keystore password:

Re-enter new password:

What is your first and last name?

  [Unknown]:  mcb Int Company

What is the name of your organizational unit?

  [Unknown]:  ITD

What is the name of your organization?

  [Unknown]:  mcb Int Company

What is the name of your City or Locality?

  [Unknown]:  Kuwait

What is the name of your State or Province?

  [Unknown]:

What is the two-letter country code for this unit?

  [Unknown]:  KW

Is CN=mcb Int Company, OU=ITD, O=mcb Int Company, L=Kuwait, ST=Unknown, C=KW correct?

  [no]:  yes

Enter key password for <server>

        (RETURN if same as keystore password):

Re-enter new password:


IT WILL CREATE A KEYSTORE FILE AT LOCATION C:\Softwares\SSLConfig\mcb_xxx.jks



Step 2 - Creating the Certificate Signing Request

Syntax : $JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias [youralias] -file [yourcertificatename].csr -keystore [path/to/your/keystore]

Example : C:\java\jre1.8.0_301\bin\keytool -certreq -alias xxx.mcb.com.kw -file C:\Softwares\SSLConfig\mcb_onpay.csr -keystore C:\Softwares\SSLConfig\mcb_xxx.jks

A CSR IS CREATED AT LOCATION C:\Softwares\SSLConfig\mcb_onpay.csr. PICK UP THIS CSR AND HAND IT OVER TO THE SIGNING AUTHORITY.


Step 3 - Installing Your New Certificate 

ONCE YOU RECEIVE THE SIGNED CERTIFICATE, COPY IT TO LOCATION C:\Softwares\SSLConfig\star_mcb_com_kw.p7b


To import the Root Certificate -

keytool -import -alias root -keystore [path/to/your/keystore] -trustcacerts -file [path/to/the/root_certificate]

To import your new Certificate -

keytool -import -alias [youralias] -keystore [path/to/your/keystore] -file [path/to/your_certificate]

IF THE CERTIFICATE IS IN P7B FORMAT, USE THE COMMAND BELOW

C:\java\jre1.8.0_301\bin\keytool -import -alias xxx.mcb.com.kw -file C:\Softwares\SSLConfig\star_mcb_com_kw.p7b -keystore C:\Softwares\SSLConfig\mcb_xxx.jks


Step 4 - Configuring Tomcat's SSL 

--> Copy the signed JKS C:\Softwares\SSLConfig\mcb_xxx.jks to Apache/conf directory E:\ApacheSoftware\Tomcat9.0\conf

--> Back up the server.xml file and add the content below to it.

# Change the entries as per your Environment

# Mention the correct location of jks

# Mention correct password for jks



<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="xxx.mcb.com.kw"
           keystoreFile="E:\ApacheSoftware\Tomcat9.0\conf\mcb_xxx.jks"
           keystorePass="mcb123" />

RESTART APACHE TOMCAT FOR THE SSL CONFIGURATION TO TAKE EFFECT.

https://hostname.domain.com

Using PFX

<Connector port="443" protocol="HTTP/1.1" sslVerifyClient="optional" sslProtocol="TLS" clientAuth="false"  keystoreType="PKCS12" keystorePass="Letmein123" keystoreFile="C:\Apache\Tomcat9\conf\mcb_xxx_com_kw.pfx"  secure="true" scheme="https" maxThreads="150" SSLEnabled="true"/>
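
Added example (not part of the original post): a small Python audit of the two connector styles shown above, flagging a keystore password written literally in server.xml and a connector that does not restrict protocol versions with sslEnabledProtocols. The sample server.xml is constructed, the function names are this example's own, and the ${tls.keystore.pass} property name is hypothetical; Tomcat substitutes ${name} in server.xml from Java system properties.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the two connector styles in this post;
# passwords, paths and the ${tls.keystore.pass} property name are made up.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS" keyAlias="xxx.mcb.com.kw"
             keystoreFile="conf/mcb_xxx.jks" keystorePass="example-literal"/>
  <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
             SSLEnabled="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
             keystoreType="PKCS12" keystoreFile="conf/site.pfx"
             keystorePass="${tls.keystore.pass}"/>
</Service></Server>"""

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # ${name}: resolved by Tomcat at startup
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connector(conn):
    """Return the findings for one TLS-enabled <Connector> element."""
    findings = []
    password = conn.get("keystorePass")
    if password is not None and not PLACEHOLDER.match(password):
        findings.append("keystorePass is a literal in server.xml")
    enabled = conn.get("sslEnabledProtocols")
    if enabled is None:
        findings.append("sslEnabledProtocols not set; versions left to defaults")
    else:
        legacy = sorted(LEGACY & {p.strip() for p in re.split(r"[,+]", enabled)})
        if legacy:
            findings.append("legacy protocols enabled: " + ", ".join(legacy))
    return findings

def audit_server_xml(xml_text):
    """Map each TLS connector's port to its findings; plain HTTP is skipped."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            report[conn.get("port")] = audit_connector(conn)
    return report

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML).items():
        for finding in findings or ["no findings"]:
            print(f"port {port}: {finding}")
```

To check a real installation, pass the contents of conf\server.xml to audit_server_xml; read access to server.xml and the keystore file should be limited to the account that runs Tomcat however the password is supplied.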
