Importing certificates obtained from a third-party certificate authority into Tomcat

Source: Internet
Author: User
Tags openssl openssl rsa pkcs12 ssl certificate tomcat


Usually, to set up an HTTPS server you need an SSL certificate file for the website. Most documents found on the Internet only describe how to create a certificate with keytool, but a certificate created that way is not trusted by the browsers of most Internet users. So if you want to run an HTTPS service that everyone can access, request a certificate from a trusted authority.

However, the certificates downloaded from a certificate authority's website do not include a JKS file that Tomcat can use, so you must first convert the certificate into a format that Tomcat can use.


In general, the certificate files we receive are as follows (temp stands for the certificate name, as in the examples below):


1. temp.crt (certificate file for your own website)

2. temp.key (optional, private key, can be generated by the CRT itself)

3. root.crt (optional, certification authority's own root certificate)


Step one:

Merge the certificate and the private key to generate the temp.p12 file.

Command line input:

openssl pkcs12 -export -in temp.crt -inkey temp.key -out temp.p12 -name temp

You will be prompted to set an export password and to repeat it. Remember this password, because we will use it again in the next step.


Step two:

Generate the keystore file (JKS). This requires the export password from the previous step, and you will set a password for the new keystore, which is needed again in later steps.

keytool -importkeystore -srckeystore temp.p12 -srcstoretype pkcs12 -destkeystore temp.jks

You will be prompted to enter the password from step one and to enter a new keystore password.


Step three (optional):

Generate the public key. The -pubout option is required here; without it, openssl rsa writes the private key to the output file.

openssl rsa -in temp.key -pubout -out temp_public.key

Step four (optional):

Merge the root certificate of the authority into the keystore (that is, add trust).

alias: a descriptive name for the trusted certificate

ca.crt: the trusted certificate to add; it can also be in another format such as PEM

keytool -keystore temp.jks -import -trustcacerts -alias alias -file ca.crt
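Pre-flight checks for the steps above, as an added example that is not part of the original page: it confirms that temp.key belongs to temp.crt before step one, and that the step-three output holds only a public key. The function names and the P12_PASS environment variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original page). File names follow the page;
# function names and the P12_PASS variable are hypothetical.

# Succeed only if the private key in $2 belongs to the certificate in $1.
# Both commands emit the same SubjectPublicKeyInfo PEM for a matching pair.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the PEM file in $1 is a public key with no private material.
# The grep matters: newer OpenSSL releases accept a private key where a
# public key is requested, so parsing alone does not prove the file is safe
# to hand out.
is_public_key_only() {
    ! grep -q 'PRIVATE KEY' "$1" &&
        openssl pkey -pubin -in "$1" -noout 2>/dev/null
}

# Step one without an interactive prompt.
# usage: export_p12 cert key out.p12 alias
# The export password is read from the environment variable P12_PASS, so it
# does not appear on the command line; umask 077 makes the bundle readable
# by its owner only.
export_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    (
        umask 077
        openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
            -name "$4" -passout env:P12_PASS
    )
}
```
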


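Appendix:

Tomcat configuration:

/data/app/test/temp.jks: your certificate (keystore) file

123456: your certificate password

<Connector port="8080" protocol="HTTP/1.1"
           SSLEnabled="true" maxThreads="..." scheme="https"
           secure="true" clientAuth="true" sslProtocol="TLS"
           keystoreFile="/data/app/test/temp.jks" keystorePass="123456"/>

Note that clientAuth="true" makes Tomcat require a certificate from every client; for a site that ordinary browsers should reach without a client certificate, the value is "false".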




