TOMCAT CSR CREATION AND CERTIFICATE INSTALLATION
Please make sure you have completed the following before attempting to install your certificate:
TOMCAT CSR CREATION
Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to TRUSTZONE in order to be generated into a SSL Security Certificate
Note: Use JDK 1.4 or higher
Create a certificate keystore and private key with the following command:
$JAVA_HOME\bin>keytool -genkey -alias your_alias_name -keyalg RSA -keysize 2048 -keystore your_keystore_filename
Note: Keysize must be specified otherwise keytool will generate a key which is 1024 bit, this does not meet the minimum requirements which is 2048 bit or higher.
Replace ‘$JAVA_HOME’ with the directory of your Java Install. If you are on a Windows server change the directory to:
Specify the password. It must be at least 6 characters long.
Input the following:
- What is your first and last name? (This is the Common Name/FQDN field): www.trustzone.com
- What is the name of your organizational unit?: TRUSTZONE
- What is the name of your organization?: TRUSTZONE
- What is the name of your City or Locality?: Copenhagen
- What is the name of your State or Province?: Copenhagen
- What is the two-letter country code for this unit?: DK
Is CN= www.trustzone.com, OU= Trustzone, O= Trustzone, L= Copenhagen, ST= Copenhagen, C= DK correct?: Yes
Enter the password for <your_alias_name> or enter ‘RETURN’ if it is the same as the keystore password.
Create the Certificate Signing Request file using:
$JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename
Enter keystore password: your_password_here
You now have a ‘certreq.csr’ file. The file is encoded in PEM format and can be entered into the website. Be sure to include the beginning and end tags:
—–BEGIN NEW CERTIFICATE REQUEST—–
—–END NEW CERTIFICATE REQUEST—-
INSTALLING YOUR SSL CERTIFICATE
- Type the following command to install the certificate file to your keystore:keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
You should get a confirmation stating that the ‘certificate reply was installed in keystore’.
If it asks if you want to trust the certificate. Choose y or yes.
Your keystore file (your_site_name.jks) is now ready to use on your Tomcat Server and you will now need to configure your server to use it.
CONFIGURING YOUR SSL CONNECTOR
Tomcat will first need an SSL Connector configured before it can accept secure connections.
- Open the Tomcat server.xml file in a text editor (this is usually located in the conf folder of your Tomcat’s home directory)
- Find the connector that will be secured with the new keystore and uncomment it if necessary (it is usually a connector with port 443 or 8443 like the example below)
- Specify the correct keystore filename and password in your connector configuration. When you are done your connector should look something like this:
< Connector port=”443″ maxHttpHeaderSize=”8192″ maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″ enableLookups=”false” disableUploadTimeout=”true” acceptCount=”100″ scheme=”https” secure=”true” SSLEnabled=”true” clientAuth=”false” sslProtocol=”TLS”keyAlias=”server” keystoreFile=”/home/user_name/your_site_name.jks” keystorePass=”your_keystore_password” />
- Save your changes to the server.xml file.
- Restart Tomcat.
Last updated: August 21, 2017