OpenSSL req-new-newkey rsa:2048-nodes-keyout 1dottea.com.key-out DOMAIN.COM.CSR
This command will generate 2 files: 1 CSR files and one key file
Domain.com.csr
Domain.com.key
Copy and paste the contents of the CSR file into GoDaddy and click Apply.
After successful application, the download will get a zip package, I choose the other type (no nginx server, so choose the other).
There are 2 files in the compressed package that resemble the following
313fd7ca5877f128.crt
Gd_bundle-g2-g1.crt
Execute the following command:
Cat 313fd7ca5877f128.crt gd_bundle-g2-g1.crt > DOMAIN.COM.CRT
This time the resulting CRT files and key files can get nginx under the configuration used.
===================================================================================
However, if you want to convert the CRT files and key files at this time to the Keystone file used under Tomcat, you need to take advantage of the following two commands.
[email protected] tomcat]# OpenSSL pkcs12-export-in domain.name.crt-inkey domain.name.key-out mycert.p12-name Tomcat -cafile Domain.name.crt-caname Root-chain
Enter Export Password:
Verifying-enter Export Password:
[Email protected] tomcat]# keytool-importkeystore-v-srckeystore mycert.p12-srcstoretype pkcs12-destkeystore Tomcat. Keystore-deststoretype JKs
Enter Destination KeyStore Password:
Re-enter new password:
Enter Source KeyStore Password:
Entry for alias Tomcat successfully imported.
Import command completed:1 entries successfully imported, 0 entries failed or cancelled
[Storing Tomcat.keystore]
These 2 commands are thanks to the author of the following article:
Http://www.oschina.net/question/2266279_221175?sort=time
The configuration in Tomcat is as follows:
<connector port= "8443" protocol= "Org.apache.coyote.http11.Http11Protocol"
Maxthreads= "150"
Sslenabled= "true"
Scheme= "https"
Secure= "true"
Clientauth= "false"
Sslprotocol= "TLS"
Keystorefile= "/root/ssl/tomcat/tomcat.keystore"
Keystorepass= "123456"
/>
This code would have been commented out, uncomment it, and then modify it.
Then enter the address in the browser:
Https://www.domain.name:8443/webapp_name
So you can see the green of expectation.
After the test, completely normal.
This article from "Leboit" blog, declined reprint!
OpenSSL generates a CSR file, converting CRT and key files to jks files under Tomcat