How to Move SSL certificate from Apache to Tomcat
https://www.sslsupportdesk.com/how-to-move-ssl-certificate-from-apache-to-tomcat/
Apache uses x509 pem/crt files which is is very different than a Tomcat system that uses keystores. You will follow these steps to copy, convert, and move the working Apache certificate to the Tomcat server.
Both Apache and Tomcat are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions.
We will start by assuming that you have already successfully installed the SSL certificate on the Apache web server.
Step 1: Finding/converting your SSL certificate and key file on Apache:
- Referencing the httpd.conf or ssl.conf file on the Apache system look for the location and directories of the three files necessary.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateFile tells Apache how to find the the SSL certificate file. - SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateKeyFile tells Apache how to find the private key file. - SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
- Copy the three files located within these directories into one location.
- Using OpenSSL on the Apache system you will perform the following command line conversion.
Note: you will be prompted for a password.openssl
pkcs12 -export -in public.crt -inkey private.key -out mycert.p12 -name
tomcat -CAfile intermediate.crt -caname intermediate -chain - The exported keystore will be ‘mycert.p12‘ and will be ready for you to migrate to the Tomcat server.
Step 2: Configuring SSL in Tomcat with your keystore:
- On the Tomcat server search and open the Tomcat server.xml file.
- Open the server.xml config file using a text editor (ie. JAKARTA_HOME/conf/server.xml)
Search for the secure element in your config file (try searching
for SSL Connector). By default it should look something like this: - Change the following attributes to reference the location, name, and password of your keystore.
- keystoreFile=”c:\PATH TO mycert.p12”
- keystorePass=”password of mycert.p12”
- Add The following line under KeystorePass=
- keystoreType=”PKCS12″
- Save the changes.
- Stop and Start Tomcat.Your SSL Certificate/Keystore is now installed, and the website is now configured.
Note: PKCS12 keystore type is only supported with Tomcat JDK 1.5.x+
If unsuccessful you will have to
convert your mycert.p12 file to a .jks file by performing the following
command line in Tomcat using keytool.
keytool -importkeystore -srckeystore mycert.p12 -srcstoretype PKCS12 -destkeystore mycert.jks
If this fails and you cannot get
Tomcat to use the Apache converted keystore you will need to generate a
new keystore and CSR from the Tomcat System and reissue your certificate
to be used on the Tomcat system.
Tomcat Support
For more information refer to Tomcat
最新文章
- (转)oracle中用户删除不了,ORA-01940提示 “无法删除当前已连接用户”
- Angular JS | Closure | Google Web Toolkit | Dart | Polymer 概要汇集
- Function, Predicate
- Include and Require
- 2013=12=2 bitree-----补充
- 使用正则表达式限制swing (JTextField等) 的输入
- 如何对mRemoteNG在进行Linux终端访问时自定义配色
- python类的语法和底层实现
- 【转载】【原创】华硕F8TR笔记本更换主板及喇叭教程
- C# -- 使用XmlDocument或XDocument创建xml文件
- CentOS 使用 yum 更新软件包与系统
- 性能提速:debounce(防抖)、throttle(节流/限频)
- mysql三-1:存储引擎
- Android中的网络编程
- ceph的image扩容
- HTML-HTML5+CSS3权威指南阅读(三、CSS选择器)
- C# 动态加载WebService
- nopcommerce商城系统--开发者常遇问题清单
- 某dp题
- Android学习(十) SQLite 基于内置函数的操作方式