
Setting up SSL on Tomcat 7

Posts: 1
Hoping someone can help with my confusion over how to configure SSL.
I am using Tomcat 7 on Windows Server 2012.
I have generated a private key and created a Java keystore using keytool. Then I created a certificate signing request, sent this to my CA and in return received back 4 security certificates.


Do I now just need to import all of these certs plus my private key into the keystore using openssl, or do some of these need to go into a trust store, which I think is cacerts?
Do I need to change the format of the .crt before importing into my keystore?

Confused of London.
Posts: 43011
Welcome to the Ranch. You would import the certificate in the keystore using OpenSSL, as discussed in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html (which is the ultimate reference). Since that specifically mentions importing CRT files, you should be fine with the format you have. Not sure what those different files are, possibly intermediate certificates - ask the CA about that.
Posts: 20995
Assuming the usual mode of operation, what you received should be a "chain of trust" where one cert is vouched for by another, which is in turn vouched for by another and up until the final cert in the chain is vouched for by one of the major cert providers (whose certs are distributed as part of the client application - the browser). So you'd add them one by one to the keystore.

Certs and key files come in several different formats. The java keystore cannot accept all of them, so if your certs aren't in the proper form, you'd need files that were converted. You're most likely to encounter this problem if you received Apache certs, which are in PEM format, since the keystore wants PKCS7 format, if I've got my memory correct.

There are various utilities that can handle that process if you need it. I found a nice GUI app, but there's also at least one website that claims it can do the job online for you.
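
Added example, not part of the original posts: one way to assemble the chain of trust discussed in this thread with the JDK's own `KeyStore` and `CertificateFactory` APIs, ordering the received certificates from the server certificate up to the root and checking each signature before storing them on the existing key entry. The file names, the alias `tomcat` and the password `changeit` are placeholder assumptions, as is the premise that the key pair already sits in a JKS keystore whose key password equals the store password.

```java
import java.io.*;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;
// Added example. File names, alias and password are placeholders (assumptions).
public class ImportChain {
    public static void main(String[] args) throws Exception {
        String ksFile = "keystore.jks", alias = "tomcat";
        char[] pass = "changeit".toCharArray();
        String[] certFiles = {"server.crt", "intermediate1.crt", "intermediate2.crt", "root.crt"};
        // CertificateFactory reads X.509 as binary DER or as PEM (BEGIN/END CERTIFICATE).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> pool = new ArrayList<X509Certificate>();
        for (String f : certFiles) {
            try (InputStream in = new FileInputStream(f)) {
                pool.add((X509Certificate) cf.generateCertificate(in));
            }
        }
        // Assumption: the key pair was generated in this keystore under this alias.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(ksFile)) { ks.load(in, pass); }
        Key key = ks.getKey(alias, pass);
        if (key == null) throw new IllegalStateException("no private key under alias " + alias);
        byte[] pub = ks.getCertificate(alias).getPublicKey().getEncoded();
        // The server (leaf) certificate is the one carrying our own public key.
        X509Certificate cur = null;
        for (X509Certificate c : pool)
            if (Arrays.equals(c.getPublicKey().getEncoded(), pub)) cur = c;
        if (cur == null) throw new IllegalStateException("no received cert matches the private key");
        // Walk leaf -> root: each certificate must be signed by the next one's key.
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(cur);
        while (!cur.getSubjectX500Principal().equals(cur.getIssuerX500Principal())) {
            X509Certificate issuer = null;
            for (X509Certificate c : pool)
                if (c.getSubjectX500Principal().equals(cur.getIssuerX500Principal())) issuer = c;
            if (issuer == null || chain.contains(issuer))
                throw new IllegalStateException("broken chain at issuer " + cur.getIssuerX500Principal());
            cur.verify(issuer.getPublicKey()); // throws if the signature does not check out
            chain.add(issuer);
            cur = issuer;
        }
        // Replace the self-signed placeholder with the full chain on the same key entry.
        ks.setKeyEntry(alias, key, pass, chain.toArray(new X509Certificate[0]));
        try (OutputStream out = new FileOutputStream(ksFile)) { ks.store(out, pass); }
    }
}
```

Work on a copy of the keystore, since the file is overwritten in place and the private key exists nowhere else.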