Is there a thread on how to install my CERTS into Tomcat on a windows server? I thought I only had to add my private key to the following:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/myPrivateKey.key"
type="RSA" />
</SSLHostConfig>
</Connector>
But, this does not work.
Thanks
Bruce
Installing SSL on Window Server - Tomcat
Re: Installing SSL on Window Server - Tomcat
Connector port should be 443.
Here is how we to do it if the certificate is in .pfx format:
<Connector port="443" address="1.2.3.4" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"
keystoreFile="c:/your/folder/acme.pfx"
keystoreType="PKCS12"
keystorePass="topsecret" />
If you wish to try that you could probably use openssl to change the certificate format.
Just make sure the intermediate certificate is included inside the .pfx file, otherwise the certificate chain will be broken. Tomcat doesn't care if it exists in your Microsoft Certificate Store unfortunately.
You can check out the certificate chain here: https://decoder.link/sslchecker/
I only know how to get this working with .pfx and .jks in Windows.
Here is how we to do it if the certificate is in .pfx format:
<Connector port="443" address="1.2.3.4" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"
keystoreFile="c:/your/folder/acme.pfx"
keystoreType="PKCS12"
keystorePass="topsecret" />
If you wish to try that you could probably use openssl to change the certificate format.
Just make sure the intermediate certificate is included inside the .pfx file, otherwise the certificate chain will be broken. Tomcat doesn't care if it exists in your Microsoft Certificate Store unfortunately.
You can check out the certificate chain here: https://decoder.link/sslchecker/
I only know how to get this working with .pfx and .jks in Windows.
Re: Installing SSL on Window Server - Tomcat
Thanks, my buddy google finally found a site that showed me how to just use the .CRT files. Think it is working.
Bruce
Bruce