1 2 3
| certificate.crt ca_bundle.crt private.key
|
Web server is tomcat, merge those files into a keystore
1 2 3 4 5 6 7 8 9 10 11 12
| openssl pkcs12 -export -in certificate.crt -inkey private.key -certfile certificate.crt -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore ks.jks -deststoretype JKS
keytool -changealias -keystore ks.jks -alias 1 => alias: tomcat
password: lles1234
keytool -import -trustcacerts -alias root -file ca_bundle.crt -keystore ks.jks
keytool -import -trustcacerts -alias lles -file certificate.crt -keystore ks.jks
|
Test the cert
1
| openssl s_connect -showcerts -connect 127.0.0.1:443
|
server.xml
1 2 3 4 5
| <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/your_path/ks.jks" keystorePass="lles1234" />
|
Reference:
https://www.sslforfree.com/#tutorials
https://www.namecheap.com/support/knowledgebase/article.aspx/9423/33/installing-an-ssl-certificate-on-apache
https://www.namecheap.com/support/knowledgebase/article.aspx/9441/33/installing-an-ssl-certificate-on-tomcat
https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/