Install SSL on Tomcat with certificate .cer

0

My question is whether it is possible to add SSL to a Windows Server with Tomcat 7 installed using only a .cer file.

I am with a client that uses SSL in your applications with ISS and whenever you need to install SSL on your ISS server only install this .cer file: But as I did an application with Tomcat for it and I need to protect this application with HTTPS I asked for a certificate and it sends me this .cer file.

I've already tried to generate the .JKS file and add it to Tomcat in some ways and with none I've had success. Ex:

keytool -import -alias root -keystore example.jks -trustcacerts -file certificado.cer

With this, I generate the jks file and map it to tomcat and it does not work . I know the Tomcat settings are fine because I ran a test generating the file using genkey which returns me a .keystore file and with that it works.

Should I request this certificate in another format?

Someone has already gone through this and can give me some hint at least?

Thank you.

    
asked by anonymous 24.08.2018 / 15:42

1 answer

0

In your case, only adding the certificate to keytool does not resolve it because it will always use the certificate that was generated in keytool -genkey . Home To resolve this, modify the settings from tomcat to <install_dir>/conf/server.xml to work with certificates, it will look something like this:

<Connector
       protocol="org.apache.coyote.http11.Http11AprProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       SSLCertificateFile="/usr/local/ssl/server.crt"
       SSLCertificateKeyFile="/usr/local/ssl/server.pem"
       SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>


You may notice some differences compared to working with keystore as:

  • protocol is Http11AprProtocol instead of Http11NioProtocol (for keystore)
  • use SSLCertificateFile and SSLCertificateKeyFile instead of keystoreFile Home

This link can be useful to complement the reading: TomCat with SSL

    
24.08.2018 / 17:12