Centos generate localhost ssl for tomcat #24

Open
opened 3 years ago by rbsetiawan · 0 comments
Owner

Centos generate localhost ssl for tomcat

Command

keytool -genkey -alias tomcat -keyalg RSA -keystore /root/ssl/geonet
keytool -list -keystore /root/ssl/geonet

Output


[root@linux ~]# keytool -genkey -alias tomcat -keyalg RSA -keystore /root/ssl/geonet
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  gisportal.id
What is the name of your organizational unit?
  [Unknown]:  geonet
What is the name of your organization?
  [Unknown]:  service
What is the name of your City or Locality?
  [Unknown]:  JKT
What is the name of your State or Province?
  [Unknown]:  DKI
What is the two-letter country code for this unit?
  [Unknown]:  ID
Is CN=gisportal.id, OU=geonet, O=service, L=JKT, ST=DKI, C=ID correct?
  [no]:  yes

Enter key password for <tomcat>
	(RETURN if same as keystore password):  
Re-enter new password: 

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/ssl/geonet -destkeystore /root/ssl/geonet -deststoretype pkcs12".
[root@linux ~]# ll /root/ssl/
total 4
-rw-r--r--. 1 root root 2226 Oct 17 13:10 geonet
[root@linux ~]# 
[root@linux ~]# keytool -list -keystore /root/ssl/geonet
Enter keystore password:  
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Oct 17, 2023, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 59:0D:26:6F:E9:98:7D:2E:E1:B5:9E:82:9D:38:9A:6E:E7:F3:4D:D0:55:38:98:B8:6D:D4:03:29:1E:F1:56:28

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/ssl/geonet -destkeystore /root/ssl/geonet -deststoretype pkcs12".
[root@linux ~]# ll /root/ssl/
total 4
-rw-r--r--. 1 root root 2226 Oct 17 13:10 geonet
[root@linux ~]# 


Tomcat add ssl https 443

sudo nano /etc/tomcat/server.xml 

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/opt/tomcat/ssl/geonet"
               keystorePass="geonet$123"/>

systemctl restart tomcat.service
# Centos generate localhost ssl for tomcat ### Command ``` keytool -genkey -alias tomcat -keyalg RSA -keystore /root/ssl/geonet ``` ``` keytool -list -keystore /root/ssl/geonet ``` ### Output ``` [root@linux ~]# keytool -genkey -alias tomcat -keyalg RSA -keystore /root/ssl/geonet Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: gisportal.id What is the name of your organizational unit? [Unknown]: geonet What is the name of your organization? [Unknown]: service What is the name of your City or Locality? [Unknown]: JKT What is the name of your State or Province? [Unknown]: DKI What is the two-letter country code for this unit? [Unknown]: ID Is CN=gisportal.id, OU=geonet, O=service, L=JKT, ST=DKI, C=ID correct? [no]: yes Enter key password for <tomcat> (RETURN if same as keystore password): Re-enter new password: Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/ssl/geonet -destkeystore /root/ssl/geonet -deststoretype pkcs12". [root@linux ~]# ll /root/ssl/ total 4 -rw-r--r--. 1 root root 2226 Oct 17 13:10 geonet [root@linux ~]# [root@linux ~]# keytool -list -keystore /root/ssl/geonet Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry tomcat, Oct 17, 2023, PrivateKeyEntry, Certificate fingerprint (SHA-256): 59:0D:26:6F:E9:98:7D:2E:E1:B5:9E:82:9D:38:9A:6E:E7:F3:4D:D0:55:38:98:B8:6D:D4:03:29:1E:F1:56:28 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/ssl/geonet -destkeystore /root/ssl/geonet -deststoretype pkcs12". [root@linux ~]# ll /root/ssl/ total 4 -rw-r--r--. 1 root root 2226 Oct 17 13:10 geonet [root@linux ~]# ``` ### Tomcat add ssl https 443 ``` sudo nano /etc/tomcat/server.xml ``` ``` <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat/ssl/geonet" keystorePass="geonet$123"/> ``` ``` systemctl restart tomcat.service ```
rbsetiawan added the
solved
Linux
labels 3 years ago
rbsetiawan self-assigned this 3 years ago
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.