How to Move SSL certificate from Apache to Tomcat
https://www.sslsupportdesk.com/how-to-move-ssl-certificate-from-apache-to-tomcat/
Apache uses X.509 PEM/CRT files, which is very different from a Tomcat system, which uses keystores. Follow these steps to copy, convert, and move the working Apache certificate to the Tomcat server.
Both Apache and Tomcat are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions.
We will start by assuming that you have already successfully installed the SSL certificate on the Apache web server.
Step 1: Finding/converting your SSL certificate and key file on Apache:
- Referencing the httpd.conf or ssl.conf file on the Apache system, look for the location and directories of the three files necessary.
  - SSLCertificateFile /usr/local/ssl/crt/public.crt
    SSLCertificateFile tells Apache how to find the SSL certificate file.
  - SSLCertificateKeyFile /usr/local/ssl/private/private.key
    SSLCertificateKeyFile tells Apache how to find the private key file.
  - SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
    SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.
- Copy the three files located within these directories into one location.
- Using OpenSSL on the Apache system you will perform the following command line conversion.
  Note: you will be prompted for a password.
  openssl pkcs12 -export -in public.crt -inkey private.key -out mycert.p12 -name tomcat -CAfile intermediate.crt -caname intermediate -chain
- The exported keystore will be 'mycert.p12' and will be ready for you to migrate to the Tomcat server.
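The Step 1 export wrapped in checks, as an added example that is not part of the original article: it refuses to export when the certificate and key do not belong together, and counts the certificates that actually landed in mycert.p12. The function names, the P12_PASS environment variable and the throwaway test files are assumptions; the key file is assumed not to be passphrase-protected.

```shell
#!/bin/sh
# Added example: guard rails around the Step 1 export. File names are the
# page's; function names and the P12_PASS variable are assumptions.

# Succeeds only if the certificate and the private key share one public key.
cert_matches_key() {  # cert_matches_key <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs the page's pkcs12 export inside <dir>, refusing a mismatched pair.
# The password comes from the exported variable P12_PASS (not argv, so it
# does not show up in the process list); umask keeps the file owner-only.
export_p12() {  # export_p12 <dir>
    ( cd "$1" && umask 077 &&
      cert_matches_key public.crt private.key &&
      openssl pkcs12 -export -in public.crt -inkey private.key \
          -out mycert.p12 -name tomcat -CAfile intermediate.crt \
          -caname intermediate -chain -passout env:P12_PASS )
}

# Prints how many certificates the keystore holds (leaf plus chain).
p12_cert_count() {  # p12_cert_count <file.p12>
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed throwaway input: a self-signed test CA stands in for
# intermediate.crt (-chain needs a chain that ends in a trusted root)
# and signs a leaf for a made-up host name.
make_constructed_fixture() {  # make_constructed_fixture <dir>
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Test CA" \
          -keyout ca.key -out intermediate.crt 2>/dev/null &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=tomcat.example.test" \
          -keyout private.key -out leaf.csr 2>/dev/null &&
      openssl x509 -req -in leaf.csr -CA intermediate.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out public.crt 2>/dev/null )
}
```

Export P12_PASS with the value you will later put in keystorePass, then call export_p12 on the directory holding the three copied files.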
Step 2: Configuring SSL in Tomcat with your keystore:
- On the Tomcat server search and open the Tomcat server.xml file.
- Open the server.xml config file using a text editor (i.e. JAKARTA_HOME/conf/server.xml).
- Search for the secure element in your config file (try searching for SSL Connector). By default it should look something like this:
- Change the following attributes to reference the location, name, and password of your keystore.
  - keystoreFile="c:\PATH TO mycert.p12"
  - keystorePass="password of mycert.p12"
- Add the following line under keystorePass=
  - keystoreType="PKCS12"
- Save the changes.
- Stop and Start Tomcat.
Your SSL Certificate/Keystore is now installed, and the website is now configured.
Note: PKCS12 keystore type is only supported with Tomcat JDK 1.5.x+
If unsuccessful you will have to convert your mycert.p12 file to a .jks file by performing the following command line in Tomcat using keytool.
keytool -importkeystore -srckeystore mycert.p12 -srcstoretype PKCS12 -destkeystore mycert.jks
If this fails and you cannot get Tomcat to use the Apache converted keystore you will need to generate a new keystore and CSR from the Tomcat System and reissue your certificate to be used on the Tomcat system.
Tomcat Support
For more information refer to Tomcat