StartCom free SSL certificate request and configuration in the Tomcat environment

Source: Internet
Author: User
Tags openssl rsa pkcs12 free ssl free ssl certificate ssl certificate startssl

Tip: Google Chrome is not recommended for this procedure (the site's certificate is not recognized ...); as you can see, I replaced Chrome with IE (Firefox was not installed) ... Firefox is the recommended browser for this application.

A self-signed SSL certificate lets you serve a site over HTTPS, but the browser will always warn that the connection is unsafe, which is not very friendly to users. This article describes a slightly more formal approach, using a certificate issued by a CA.

I saw in a published article that their app enforces the use of HTTPS and sends users to apply for a free SSL certificate; when I went to the website, I found that free applications had stopped as of September 16.

In the end I had to use the StartSSL free SSL certificate; the official website says it is free for one year ...

Part 1: Applying for the free SSL certificate (StartSSL)

Open the official website.

Enter your email address to receive a verification code, then enter the verification code in the sign-up form.

Enter a password and submit; you will be prompted to download a file.

The downloaded certificate (ending in .p12) is the key used to log in to this site, so save it: it is your credential for later logins. Double-click it to install it, then revisit the official website.

Click here

Enter the domain name, submit.

Next, fill in the second-level domain name (only the lower half of the screenshot is shown).

The site then prompts for a CSR file, which can be generated with the OpenSSL command or by downloading the StartComTool.exe tool.

The OpenSSL command used here is executed directly in Linux:

openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr

ls shows the 2 generated files, yourname.key and yourname.csr.

Copy the contents of the CSR file into the text box and submit it; if successful, you will be prompted to download the certificate from the certificate list.

At this point the application for the free SSL certificate has succeeded. (The download contains 4 files, which correspond to different web servers.)

Part 2: Configuring the certificate in Tomcat

1. Decrypt the private key

You can use the command

openssl rsa -in ssl.key -out ssl_decrypted.key

or the tool that StartSSL provides: Tool Box - Decrypt Private Key. Save the generated content as a file, such as ssl_decrypted.key.

2. Generate the PKCS12 file

Use the StartSSL official website to generate the PKCS12 file.

Private key: the contents of the ssl_decrypted.key (decrypted key) file, including the ----- header lines.

Certificate: the contents of the .crt file for the bound domain name in the downloaded certificate package, including the ----- header lines.

Password: the password that was set when generating the key and CSR files.

After submitting successfully, you can download the .p12 file (the so-called PKCS12).

3. Generate the JKS file (required for the Tomcat configuration)

D:\ssl>keytool.exe -importkeystore -deststorepass mypwd -destkeystore Chbkeystore.jks -srckeystore chb.p12 -srcstoretype pkcs12 -srcstorepass mypwd

Here -srcstorepass is the password used when creating the key and CSR files, and -deststorepass should be set to the same password.

This produces Chbkeystore.jks.

4. Import the root certificate and the level 1 certificate into the JKS file

Import the root certificate (root.crt in the otherserver directory of the certificate package downloaded from StartSSL):

D:\ssl>keytool -import -alias startsslca -file Otherserver\root.crt -keystore Ch

Import the level 1 certificate (the 1_INTERMEDIATE.CRT file in the otherserver directory of the certificate package downloaded from StartSSL):

D:\ssl>keytool -import -alias Startsslca2 -file OTHERSERVER\1_INTERMEDIATE.CRT -keystore Chbkeystore.jks

5. Configure Tomcat (similar to the self-signed SSL configuration)

Modify the server.xml file in the conf directory under the Tomcat directory.

Mainly, add the keystoreFile (file path) and keystorePass (password) attributes.

For self-signed certificate generation and configuration, refer to the article on self-signed SSL certificates.
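
The packaging in steps 1 and 2 can also be done locally with OpenSSL, so that no decrypted key file is written and the private key is never pasted into a web form. The script below is an added example, not part of the original article: the file names, CN and password are constructed placeholders, and a self-signed certificate stands in for the CA-issued .crt so that it runs offline. It refuses to build the .p12 unless the certificate matches the private key.

```shell
#!/bin/sh
# Added example, not from the original article. File names, CN and password are
# constructed placeholders; a self-signed cert stands in for the CA-issued .crt.
PASS='example-pass'

# SHA-256 of the public key held in a private key ("key") or certificate ("cert").
pubkey_fp() {   # $1 = key|cert, $2 = PEM file
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -passin "pass:$PASS" -pubout 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    false ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# True only when the certificate was issued for this private key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(pubkey_fp key "$1") && c=$(pubkey_fp cert "$2") && [ "$k" = "$c" ]
}

# Package key + certificate as PKCS12; the encrypted key is read directly,
# so the decrypted copy from step 1 is not needed.
make_p12() {   # $1 = private key, $2 = certificate, $3 = output .p12
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -passin "pass:$PASS" -in "$2" \
        -name tomcat -out "$3" -passout "pass:$PASS"
}

# Public-key fingerprint of the certificate stored inside a .p12.
p12_cert_fp() {   # $1 = .p12 file
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null \
        | openssl x509 -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# Demo on constructed material: encrypted key + CSR as in Part 1, then a
# self-signed stand-in certificate, then the PKCS12 bundle.
work=$(mktemp -d)
openssl req -newkey rsa:2048 -keyout "$work/yourname.key" -passout "pass:$PASS" \
    -out "$work/yourname.csr" -subj '/CN=www.example.test' 2>/dev/null
openssl x509 -req -in "$work/yourname.csr" -signkey "$work/yourname.key" \
    -passin "pass:$PASS" -days 1 -out "$work/yourname.crt" 2>/dev/null
make_p12 "$work/yourname.key" "$work/yourname.crt" "$work/yourname.p12" \
    && echo "PKCS12 written: $work/yourname.p12"
```

The resulting .p12 is the kind of file that the keytool -importkeystore command in step 3 takes as -srckeystore.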
