SSL Certificate on Tomcat

Meaning:-

     SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

    To be able to create an SSL connection a web server requires an SSL Certificate. Your web server then creates two cryptographic keys – a “Private Key” and a “Public Key”.

    The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR). You then submit the CSR during the SSL Certificate application process; the Certification Authority validates your details and issues an SSL certificate containing your details, which allows you to use SSL.

    Your web server will match your issued SSL Certificate to your Private Key; if it matches, it establishes an encrypted link between the website and your customer’s web browser. Below are the steps for how to generate an SSL certificate on Apache and Tomcat.

        -: Generate SSL Certificate on Tomcat :-   

1) Using the “java keytool” command line utility, the first thing you need to do is
   create a keystore and generate the key pair. You can do this with the
   following command.

    SHELL> keytool -genkey -keysize 1024 -keyalg RSA -alias tomcat -keystore \
           <mykey.keystore>

Here,

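    The above command generates a 1024-bit RSA key pair and stores it in the keystore.
    Publicly trusted Certificate Authorities no longer accept RSA keys shorter than
    2048 bits, so use -keysize 2048 for a certificate that a CA will sign.

    After you run the above command it asks a few questions which you will
    have to answer. The questions are: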

    Enter keystore password: 
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  bhavesh.com
    What is the name of your organizational unit?
      [Unknown]:  Information Technology
    What is the name of your organization?
      [Unknown]:  Bhavesh Private Limited
    What is the name of your City or Locality?
      [Unknown]:  Mumbai
    What is the name of your State or Province?
      [Unknown]:  Maharastra
    What is the two-letter country code for this unit?
      [Unknown]:  IN
    Is CN=bhavesh.com, OU=Information Technology, O=Bhavesh Private Limited, L=Mumbai,
    ST=Maharastra, C=IN correct?
      [no]:  yes

    Enter key password for <tomcat>
            (RETURN if same as keystore password): 

2) Now, with the keystore generated above, you need to create a new Certificate
   Signing Request (CSR). To create a CSR run the below command at your command prompt.

    SHELL> keytool -certreq -alias tomcat -file <yourdomain.csr> \
       -keystore mykey.keystore

Here,
    The new CSR is generated from the keystore. The content of the newly generated CSR
    (yourdomain.csr) looks like this,

    -----BEGIN NEW CERTIFICATE REQUEST-----
    ...
    -----END NEW CERTIFICATE REQUEST-----

3) Now you will need to purchase an SSL certificate from a Certificate
   Authority (such as godaddy.com, Geotrust or Verisign). You will get an
   account from which you can upload your CSR. After uploading the CSR you will get
   an email verification message containing an HTTP link from which you
   approve the order; after that you will receive your SSL certificate
   through email.

   Now that you have your SSL certificate, run the below command to import it into
   your keystore file.

    SHELL> keytool -import -alias tomcat -keystore mykey.keystore -trustcacerts -file \
           <yourdomain.crt>

Here,
    We have imported the SSL certificate to KEYSTORE.   
   

4) Now add the below mentioned lines to the “SSL/TLS Connector configuration” part of your
   tomcat configuration file.

    keystoreFile="/FOLDER/PATH/conf/mykey.keystore"
    keystorePass="password"

Here,
    “keystorePass” will be the password which you have given while generating
    “mykey.keystore” file.

5) Restart the Tomcat service and that’s it.
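
Steps 1 to 3 above as one non-interactive script. This is an added example, not the author's commands: it answers the keytool prompts with -dname and -storepass, uses a 2048-bit key, and lets a throwaway local test CA sign the CSR in place of the commercial CA so that it runs offline. The passphrase, the scratch directory, the test CA and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not the post's code). Constructed values: PASS, the scratch
# directory, and a throwaway local test CA standing in for the commercial CA.
PASS='example-only-passphrase'
DN='CN=bhavesh.com, OU=Information Technology, O=Bhavesh Private Limited, L=Mumbai, ST=Maharastra, C=IN'

# Wrapper: supplies the store password and forces English keytool output.
kt() { keytool "$@" -storepass "$PASS" -J-Duser.language=en; }

tomcat_keystore_demo() {
    command -v keytool >/dev/null 2>&1 || { echo 'keytool not found' >&2; return 2; }
    dir=$(mktemp -d) || return 1
    ks="$dir/mykey.keystore"; ca="$dir/testca.keystore"
    {
        # Step 1: key pair under alias "tomcat" (2048-bit rather than 1024-bit).
        kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
            -dname "$DN" -keypass "$PASS" -keystore "$ks" &&
        # Step 2: CSR for the same alias.
        kt -certreq -alias tomcat -file "$dir/yourdomain.csr" -keystore "$ks" &&
        # Step 3 stand-in: the test CA signs the CSR, as the real CA would.
        kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 \
            -dname 'CN=Example Test CA' -ext bc:c -keypass "$PASS" -keystore "$ca" &&
        kt -exportcert -alias ca -rfc -file "$dir/ca.crt" -keystore "$ca" &&
        kt -gencert -alias ca -rfc -validity 90 -infile "$dir/yourdomain.csr" \
            -outfile "$dir/yourdomain.crt" -keystore "$ca" &&
        # Import the issuer first as a trusted entry, then the reply under the
        # SAME alias as the private key so keytool can attach the chain to it.
        kt -importcert -noprompt -alias root -file "$dir/ca.crt" -keystore "$ks" &&
        kt -importcert -noprompt -alias tomcat -file "$dir/yourdomain.crt" -keystore "$ks"
    } >&2 || { rm -rf "$dir"; return 1; }
    # Check: alias "tomcat" must now hold a 2-certificate chain (leaf + CA).
    kt -list -v -alias tomcat -keystore "$ks" |
        sed -n 's/^Certificate chain length: *//p'
    rm -rf "$dir"
}
```

Call tomcat_keystore_demo to run it; it prints the chain length stored under the tomcat alias. Importing the reply under a different alias would add it as a separate trusted certificate and leave the private key with its original self-signed certificate.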
