Ssl – How to generate self-signed cert for use with Tomcat7

Tags: ssl, tomcat, ubuntu-12.04

Goal: To use a self-signed cert with my dev Tomcat server.

Step 1: Create a certificate with openssl following this Ubuntu certificate guide:

openssl req -new -key server.key -out server.csr

I followed the self-signed NO password guidance.

Step 2: Update Tomcat config file /etc/tomcat7/server.xml

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
            keystoreFile="/etc/ssl/private/server.key" keystorePass=""
            maxThreads="150" scheme="https" secure="true"
            protocol="org.apache.coyote.http11.Http11AprProtocol"
            clientAuth="false" sslProtocol="TLS"/>

Step 3: Restart Tomcat:

sudo service tomcat7 stop
sudo service tomcat7 start

Test through Chrome browser on another computer:

All SSL connections to server are refused, but standard http connections work. Error details in Chrome:

Google Chrome's connection attempt to [domain] was rejected. The website may be down, or your network may not be properly configured.

I have seen a plethora of instructions on how to get this to work. But I am confused at the dizzying array of methods. Not the least is some mention a keystore where others only mention cert files. Obviously my ignorance of the topic is in play here. Furthermore, I have a cert but according to many guides, I cannot import my key into a keystore as there is no facility for that.

Both ports 443 and 8443 are open on the server.

Any guidance is appreciated!

Best Answer

Tomcat needs a certificate stored in a Java key store (JKS). Java usually comes with the keytool tool already installed. You should use keytool to generate a self-signed certificate like this:

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

Consult this site for more information on the use of keytool.
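An added example, not part of the question or the accepted answer, that walks both routes to a JKS Tomcat 7 can load: generating the key pair with keytool as the answer suggests, and importing an existing OpenSSL key and certificate through a PKCS#12 bundle (the "cannot import my key into a keystore" point in the question). It assumes keytool and openssl are on PATH; the hostname, alias and password are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the question or answer: build a JKS keystore that
# Tomcat 7 can load, either from a fresh keytool key pair or from an existing
# OpenSSL key + certificate. Assumes keytool (JDK) and openssl are on PATH.
set -eu
KEYSTORE="${KEYSTORE:-keystore.jks}"
STOREPASS="${STOREPASS:-changeit}"     # constructed placeholder (Tomcat's default)
ALIAS="${ALIAS:-tomcat}"
HOST="${HOST:-dev.example.test}"       # constructed hostname

# Route A: keytool creates the RSA key pair and self-signed cert inside the JKS.
# A SAN is added because current browsers ignore the CN when matching the host.
gen_jks() {
  rm -f "$KEYSTORE"
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$HOST, O=Dev" -ext "SAN=dns:$HOST" -storetype JKS \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Route B, step 1: an OpenSSL key + self-signed cert, like the question's Step 1.
make_openssl_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$HOST" \
    -keyout server.key -out server.crt
}

# Route B, step 2: keytool cannot read a bare .key, so bundle key + cert into a
# PKCS#12 file first, then copy that entry into a JKS. $1 = key file, $2 = cert.
import_openssl() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$ALIAS" \
    -out server.p12 -passout "pass:$STOREPASS"
  rm -f "$KEYSTORE"
  keytool -importkeystore -noprompt \
    -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
    -destkeystore "$KEYSTORE" -deststoretype JKS -deststorepass "$STOREPASS"
}

# Check: succeeds only if the alias is a private-key entry (key + cert) in the JKS.
has_alias() {
  keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$ALIAS" \
    | grep -q PrivateKeyEntry
}

# Matching Connector for /etc/tomcat7/server.xml: one protocol attribute only
# (the question's Connector has two, which is not valid XML) and keystoreFile
# pointing at the JKS, not at a raw .key file:
# <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
#            secure="true" keystoreFile="/etc/tomcat7/keystore.jks"
#            keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
case "${1:-}" in
  gen)    gen_jks && has_alias && echo "ok: $ALIAS in $KEYSTORE" ;;
  import) make_openssl_pair && import_openssl server.key server.crt && has_alias ;;
esac
```

Run as `sh mkstore.sh gen` or `sh mkstore.sh import`, then copy the resulting keystore.jks to a path readable only by the tomcat7 user and set keystoreFile/keystorePass accordingly.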