Configuring Tomcat with SSL

Viewed 1,299 times

2

I followed the tutorial on the Tomcat site, which basically tells you to do two things:

  • Create a .keystore with password changeit through keytool.exe. I saved the resulting file in C:\Users\Vinicius

  • Uncomment and modify the connector in server.xml, located in C:\Program Files\Apache Software Foundation\Tomcat 8.0\conf

And it ended up like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="200" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="C:\Users\Vinicius\.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS" />

After that, in theory, I should just be able to access my page at https://localhost:8443/, but I get the error:

Connection to localhost has been refused.

Did I do something wrong?

  • Check the error in catalina.out and post it here

1 answer

0

To set up a Tomcat certificate, follow these steps:

First, you should create a P12 with openssl like this:

openssl pkcs12 -export -in fullchain.pem -inkey chavePrivada.pem -out Tomcat.P12 -name Tomcat

You will be prompted for a keystore password; enter changeit.

After that, you should create your JKS like this:

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore Tomcat.jks -srckeystore Tomcat.P12 -srcstoretype PKCS12 -srcstorepass changeit -alias Tomcat

This will create a file called tomcat.jks

Then you should set up server.xml, which is located in the folder $CATALINA_BASE/conf, like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" URIEncoding="UTF-8" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/para/sua/jks/tomcat.jks" keystorePass="changeit" keyAlias="tomcat" keyPass="changeit"/>

Once this is done, restart Tomcat and make sure everything is all right by accessing: https://localhost:8443/

  • First, thanks for the speed, John. I installed OpenSSL and ran the following command in CMD: C:\OpenSSL-Win64\bin>openssl pkcs12 -export -in fullchain.pem -inkey chavePrivada.pem -out tomcat.p12 -name tomcat I received this message as output:
    pkcs12: Cannot open input file fullchain.pem, No such file or directory
    pkcs12: Use -help for summary.

  • fullchain.pem is the combination of your certificate with the chain (the certificate from your certificate authority). For example, if your certificate is site.com.crt, you should join it with the CA.crt, which probably came along with it

  • I’m sorry, but for me this is a very new subject and I’m very new. I don’t want to use a CA certificate. A self-signed certificate would be enough for me. I created a .keystore whose path is C:\Users\Vinicius\.keystore and modified server.xml, whose path is C:\Program Files\Apache Software Foundation\Tomcat 8.0\conf, like this: <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="C:\Users\Vinicius\.keystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />

  • So instead of fullchain.pem use youChave.crt

  • I think I’m starting Tomcat wrong. I can’t even access https://localhost:8080 to reach the Tomcat default page (error 404). But if I use http://localhost:8080/Projeto_Final/index.jsp I can access my page.

  • Look at this... https://www.digicert.com/csr-ssl-installation/tomcat-keytool.htm
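
A check that can be run against server.xml before restarting Tomcat, as an added example that is not part of the original question or answer: it lists what is wrong with the active TLS connectors, including the case where the 8443 connector is still commented out and nothing is listening. The function name `audit_connectors`, its parameters and the sample file are assumptions made for this example, and it reads the Tomcat 8.0-style connector attributes shown in the posts.

```python
import ntpath
import os
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the question's connector beside a plain HTTP connector.
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="200" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\Users\Vinicius\.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def audit_connectors(server_xml, catalina_base=".", file_exists=os.path.isfile):
    """Return a list of (port, finding) for the active TLS connectors."""
    findings = []
    # The parser drops XML comments, so a connector that is still
    # commented out is (correctly) not treated as active.
    root = ET.fromstring(server_xml)
    tls = [c for c in root.findall("./Service/Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return [(None, "no active connector has SSLEnabled=true")]
    for c in tls:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme=https and secure=true not both set"))
        path = c.get("keystoreFile")
        if path is None:
            findings.append((port, "keystoreFile not set"))
        else:
            if not (ntpath.isabs(path) or posixpath.isabs(path)):
                # Assumption: relative paths resolve against CATALINA_BASE.
                path = os.path.join(catalina_base, path)
            if not file_exists(path):
                findings.append((port, "keystore not found: " + path))
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystorePass is the default 'changeit'"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```

An empty result means the connector attributes look consistent; it does not prove the keystore password or alias is correct, which only shows up in the Tomcat log at startup.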
