SSL with Apache Tomcat [PKCS12]
This post is a plain guide on how to set up SSL on Tomcat using a PKCS12 keystore.
Steps involved:
- Request a Certificate Store (or create your own, example below)
- Prepare the connector for tomcat (server.xml)
- Test SSL via https://server.domain.tld:8090 (port is just an example)
Be advised that all steps for certificates are done using the Java keytool command.
Creation of the Store:
Creation is easy. You need the primary server name, any aliases that may be used, and some information about the Organization Name, City, State and Country:
Certificate Request:
Also an easy step if you are familiar with it:
Import of Certificate:
Import of the ROOT Certificate:
Tomcat connector for server.xml:
If you have only one certificate in the store and did not specify an alias, the keyAlias should match the FQDN of the certificate (usually the server DNS name). Be aware that the paths are just examples and can differ in your customer environment.
Also, the -ext SAN DNS names are the names that will be available for the server where Tomcat is installed and your application is running. That means any URL that will be available in the configuration for the application.
To check the keystore use:
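The keytool steps above, run end to end, as an added example that is not the author's own commands. It assumes a throwaway root CA created with `keytool -gencert` in place of your real CA; the alias `tomcat`, the file names, the DN values and the password (passed through `-storepass:env` so it does not appear in the process list) are constructed for illustration.

```shell
#!/bin/sh
# Added example: PKCS12 keystore life cycle with keytool, signed by a throwaway CA.
# Host names, aliases, file names and the password are constructed for the example.
set -eu
export LC_ALL=C                      # English keytool output for the checks below
export STOREPASS='changeit-example'  # read via -storepass:env, so it stays out of argv
FQDN=server.domain.tld
SAN="SAN=dns:${FQDN},dns:alias.domain.tld"
P12="-storetype PKCS12 -storepass:env STOREPASS"   # expanded unquoted on purpose

build_store() {   # $1 = working directory
  # Stand-in for your CA: self-signed root with basicConstraints CA:true (-ext bc:c).
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 730 \
    -dname "CN=Constructed Test Root" -ext bc:c -keystore "$1/ca.p12" $P12
  keytool -exportcert -alias ca -rfc -file "$1/root.crt" -keystore "$1/ca.p12" $P12
  # 1. Create the store: key pair under an explicit alias, SAN names included.
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=${FQDN}, O=Example Org, L=City, ST=State, C=DE" \
    -ext "$SAN" -keystore "$1/server.p12" $P12
  # 2. Certificate request; the SAN has to be requested again here.
  keytool -certreq -alias tomcat -ext "$SAN" -file "$1/server.csr" \
    -keystore "$1/server.p12" $P12
  # (CA side) Sign the request. A real CA does this and sends the certificate back.
  keytool -gencert -alias ca -infile "$1/server.csr" -outfile "$1/server.crt" \
    -ext "$SAN" -validity 365 -rfc -keystore "$1/ca.p12" $P12
  # 3. Root certificate first, so keytool can build the chain for the reply.
  keytool -importcert -noprompt -trustcacerts -alias root -file "$1/root.crt" \
    -keystore "$1/server.p12" $P12
  # 4. Signed certificate, imported under the alias that holds the private key.
  keytool -importcert -noprompt -alias tomcat -file "$1/server.crt" \
    -keystore "$1/server.p12" $P12
}

# Checks on the finished store: chain length of the key entry, and SAN membership.
chain_length() {
  keytool -list -v -alias tomcat -keystore "$1/server.p12" $P12 |
    sed -n 's/^Certificate chain length: //p'
}
has_san() {
  keytool -list -v -alias tomcat -keystore "$1/server.p12" $P12 | grep -q "DNSName: $2"
}

if command -v keytool >/dev/null 2>&1; then   # needs a JDK on PATH
  WORK=$(mktemp -d)
  build_store "$WORK"
  echo "chain length: $(chain_length "$WORK")"   # 2 = server certificate + root
fi
```

A chain length of 1 after the import means the key entry still holds only the self-signed certificate, so Tomcat would serve that one instead of the CA-signed one.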
==
I'm aware that there are tons of topics out there. But this solution works for me so I thought sharing is caring.
If you have any questions, feel free to reach out to me and I’ll try to answer them.
Regards,
Alex