Saturday, June 6, 2009

Installing self-signed ssl certificate

1. Generate an RSA key for signing the certificate:
openssl genrsa -out mykey.pem 2048

2. Generate a certificate using the new key:
openssl req -new -x509 -key mykey.pem -out mycert.pem -days 365

Enter your name, organization name and address as prompted.
In this example, we've created a key file, mykey.pem, and a self-signed certificate. Normally, you want a certificate from a "certificate authority" or CA. 
3. Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:
openssl pkcs12 -export -in mycert.pem -inkey mykey.pem -out mycert.p12 -name tomcat

You MUST specify an export password! Tomcat expects one.

4. Keep the “mycert.p12” file you will need it to configure in tomcat server.xml.

5. Edit $CATALINA_HOME/conf/server.xml and uncomment the SSL connector tag.
Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="false" proxyPort="443"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
keystorePass="*****" />"

1 comment:

  1. I used a website called SSL 247 to organize the ssl web certificate for my retail website as I wasn't totally sure on the best way to go about it.