Generate Certificate Signing Request (CSR) and install SSL certificate (CRT) into Java keystore used by Tomcat
# create a new keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore foobar_com.jks -dname "CN=foobar.com,OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO"
# create a certificate signing request (CSR) to send to the certificate authority (CA)
keytool -certreq -alias server -file foobar_com.csr -keystore foobar_com.jks
# now go and buy an SSL certificate, using the CSR file
# you should get a certificate file in .crt format back
# install the received certificate (example uses files received from GoDaddy)
# see http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
# first make a copy of the keystore, so we don't mess up the original if something goes wrong
cp foobar_com.jks godaddy.tomcat7.jks
# now import the root, intermediate and site certificates
keytool -import -alias root -keystore godaddy.tomcat7.jks -trustcacerts -file gdroot-g2.crt
keytool -import -alias intermed -keystore godaddy.tomcat7.jks -trustcacerts -file gdig2.crt
keytool -import -alias server -keystore godaddy.tomcat7.jks -trustcacerts -file your_certificate_filename.crt
# allow tomcat user to read file
chown tomcat:tomcat godaddy.tomcat7.jks
# remember to update the Connector in Tomcat's server.xml configuration file with the location and password for the keystore
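
A check worth running before pointing Tomcat at the new keystore, as an added example that is not part of the original gist: it reads `keytool -list -v` output for the `server` alias and confirms the CA reply was attached to the private key. The function names and both sample listings are constructed for illustration, and English keytool output is assumed.

```shell
# Real use (prompts for the store password):
#   keytool -list -v -keystore godaddy.tomcat7.jks -alias server | check_server_entry
check_server_entry() {
    awk '
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { len = $4 + 0 }
        /^Certificate\[1\]:/         { leaf = 1; next }   # leaf certificate block starts
        /^Certificate\[[0-9]+\]:/    { leaf = 0 }         # any later chain element
        leaf && /^Owner:/            { owner = substr($0, 8) }
        leaf && /^Issuer:/           { issuer = substr($0, 9) }
        END {
            # trustedCertEntry means the reply went into a keystore or alias without the key
            if (type != "PrivateKeyEntry") { print "FAIL: entry type is " (type == "" ? "missing" : type); exit 1 }
            # Owner == Issuer on the leaf means the self-signed certificate from -genkey is still there
            if (owner == issuer)           { print "FAIL: leaf certificate is self-signed"; exit 1 }
            if (len < 2)                   { print "FAIL: chain length " len ", intermediate not attached"; exit 1 }
            print "OK: PrivateKeyEntry, chain length " len
        }'
}

# Constructed, abbreviated listing: CA reply installed on top of the key entry.
sample_installed() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=foobar.com, OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO
Issuer: CN=Example Issuing CA (constructed)
Certificate[2]:
Owner: CN=Example Issuing CA (constructed)
Issuer: CN=Example Root CA (constructed)
EOF
}

# Constructed listing: keystore as it looks right after -genkey, before the import.
sample_selfsigned() { cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=foobar.com, OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO
Issuer: CN=foobar.com, OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO
EOF
}
```

The function exits non-zero on any failure, so it can gate a deployment script before Tomcat is restarted.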