1
2
3
| certificate.crt
ca_bundle.crt
private.key
|
Web server is tomcat, merge those files into a keystore
1
2
3
4
5
6
7
8
9
10
11
12
| openssl pkcs12 -export -in certificate.crt -inkey private.key -certfile certificate.crt -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore ks.jks -deststoretype JKS
keytool -changealias -keystore ks.jks -alias 1
=> alias: tomcat
password: lles1234
keytool -import -trustcacerts -alias root -file ca_bundle.crt -keystore ks.jks
keytool -import -trustcacerts -alias lles -file certificate.crt -keystore ks.jks
|
Test the cert
1
| openssl s_connect -showcerts -connect 127.0.0.1:443
|
server.xml
1
2
3
4
5
| <Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="/your_path/ks.jks"
keystorePass="lles1234" />
|
Reference:
https://www.sslforfree.com/#tutorials
https://www.namecheap.com/support/knowledgebase/article.aspx/9423/33/installing-an-ssl-certificate-on-apache
https://www.namecheap.com/support/knowledgebase/article.aspx/9441/33/installing-an-ssl-certificate-on-tomcat
https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/