Tomcat-native Installation
Note: Tomcat-native generally bring a compiled green Openssl.exe, very useful
For STARTSSL certificate, please refer to http://www.cnblogs.com/kreo/p/4221379.html
After the application you will have three files, SSL.CRT (public key), Ssl.key (key), SSL.P12 (PKCS12 format certificate)
1. View the contents of the certificate
As below, note the alias, this article is startcom PFX certificate (this is generally the case)
2. Generate KeyStore
" startcom PFX Certificate " -destkeypass 123456
Srcalias is the alias you found above.
Destkeypass is the default encryption password that may be ignored and re-entered once
After execution, a file named KeyStore is generated under the directory
3. Merging certificates
This step is mainly for Firefox, because Firefox will ask for a root certificate
Download Startssl CA Certificate
Http://cert.startssl.com/certs/ca.pem
Download Startssl Class1 Sub CA
Http://cert.startssl.com/certs/sub.class1.server.ca.pem
and put Ca.pem and Sub.class1.server.ca.pem in the back of SSL.CRT.
Notepad plus you can, here to note that each certificate must have
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
These 2 start end tags, the first end and the second start tag cannot be on one line, or an error will be
4. Use the OpenSSL Plus decryption function to change the encryption mode so that Tomcat can enter the private key password without booting.
$ Copy ssl.key ssl.key.tmp $ openssl RSA- in Ssl.key.tmp-out ssl.key
TOMCAT7 Installing STARTSSL Certificate notes