How to apply an SSL certificate from GoDaddy to Tomcat

Source: Internet
Author: User
Tags go daddy ssl certificate

The general process is to generate a keystore and a CSR, submit the CSR to GoDaddy, download the Tomcat version of the certificate, and import the certificate into your own keystore.

The following describes the specific process.

As preparation, add the JDK bin folder to the PATH so that keytool can be run (or change into that folder and run the commands there).

1. Go to https://www.digicert.com/easy-csr/keytool.htm

Fill in the necessary information, especially the common name, which is the website's domain name. The result is a generated command; copy it to the command line and run it to generate a jks file and a csr file. Note that the jks file is actually the .keystore file; only the name is different.

Remember the password you set here.

2. Submit the csr file to GoDaddy and download the Tomcat version of the certificate.

3. The files in the compressed package have the following meanings.

According:

gd_bundle-g2-g1.crt: Go Daddy Certificate Bundles - G2 With Cross to G1, includes Root
gdig2.crt: Go Daddy Secure Server Certificate (Intermediate Certificate) - G2
(random id).crt: Your certificate

4. Import these files into the .keystore file (or the jks file).

Most people would simply import these files one by one:

gd_bundle-g2-g1.crt
gdig2.crt
xxxxxx.crt (the file named with a random id in the compressed package)

Yes, and the GoDaddy documentation says the same. In fact, that is not right.

You need to go to https://certs.godaddy.com/repository, download gdroot-g2.crt, and import it as the root CA.

In my case:

keytool -import -alias root -keystore tomcat.keystore -storepass password -trustcacerts -file gdroot-g2.crt
keytool -import -alias intermed -keystore tomcat.keystore -storepass password -trustcacerts -file gdig2.crt
keytool -import -alias server -keystore tomcat.keystore -storepass password -trustcacerts -file xxxxxx.crt
(Here xxxxxx.crt is the random id .crt file. Note that the alias is server because server was the alias used when the keystore was first generated. Many documents write tomcat because tomcat was the alias used when their keystore was generated.)

Note that if gd_bundle-g2-g1.crt is imported directly as root, an error is reported: Failed to establish chain from reply

Then configure tomcat.keystore (I did not name it tomcat.jks, mainly so that it is clear later what this file is for) and its password in server.xml.

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreFile="path/tomcat.keystore" keystorePass="password"/>

Now the browser no longer reports that the SSL connection is insecure.
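
One way to confirm the result of step 4 before pointing Tomcat at the keystore, as an added example that is not part of the original article: the function below reads the output of keytool -list -v -keystore tomcat.keystore -storepass password -alias server and checks that the alias holds the private key with a complete chain ending in a self-signed root. It assumes English-locale keytool output; the function names and the sample texts are constructed for illustration.

```shell
# Added example (not from the original article). Assumes English-locale
# `keytool -list -v` output for ONE alias; the samples are constructed, abridged.
check_chain() {
  awk '
    /^Entry type:/               { type = $3 }
    /^Certificate chain length:/ { declared = $4 }
    /^Owner: /                   { n++; owner[n] = substr($0, 8) }
    /^Issuer: /                  { issuer[n] = substr($0, 9) }
    END {
      # A trustedCertEntry here means the reply went in under the wrong alias.
      if (type != "PrivateKeyEntry") { print "FAIL: alias holds no private key"; exit 1 }
      # Length 1 is the self-signed certificate created together with the key.
      if (n < 2 || n != declared) { print "FAIL: CA reply not attached, chain length " n; exit 1 }
      for (i = 1; i < n; i++)
        if (issuer[i] != owner[i + 1]) { print "FAIL: break after certificate " i; exit 1 }
      if (issuer[n] != owner[n]) { print "FAIL: chain does not end in a self-signed root"; exit 1 }
      print "OK: " n " certificates, root is " owner[n]
    }'
}

# Constructed sample: alias "server" after root, intermediate and reply were imported.
sample_good() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Go Daddy Secure Certificate Authority - G2
Certificate[2]:
Owner: CN=Go Daddy Secure Certificate Authority - G2
Issuer: CN=Go Daddy Root Certificate Authority - G2
Certificate[3]:
Owner: CN=Go Daddy Root Certificate Authority - G2
Issuer: CN=Go Daddy Root Certificate Authority - G2
EOF
}

# Constructed sample: same alias before the CA reply was imported.
sample_unsigned() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=www.example.com
EOF
}

sample_good | check_chain
```

A chain length of 1 for the key's alias usually means the certificate reply was imported under a different alias than the one used when the keystore was generated.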
