Installing a new certificate to an old keystore often ends in installation errors or the SSL/TLS certificate not working properly. Important: We recommend you generate a new keystore following the process outlined in this section. Step 1: Use Keytool to Create a New Keystore See Tomcat: Create CSR & Install SSL/TLS Certificate with the DigiCert Utility. You can use the DigiCert Utility to generate your CSR and prepare your SSL/TLS certificate file for installation on your Tomcat server. If you are looking for a simpler way to create CSRs, and install and manage your SSL/TLS certificates, we recommend using the DigiCert ® Certificate Utility for Windows. To view these instructions in Spanish, see CSR para Tomcat and Tomcat Instalar Certificado SSL. To install your SSL certificate, see Tomcat Server: Install and Configure Your SSL/TLS Certificate. To create your certificate signing request (CSR), see Tomcat Server: Create Your CSR with Java Keytool. Restart Note: After you've installed your SSL/TLS certificate and configured the server to use it, you must restart the Tomcat service. Use these instructions to generate your certificate signing request (CSR) and install your SSL/TLS certificate on your Tomcat server using Java’s Keytool. $keytooldir/keytool -import -trustcacerts -alias root -deststorepass changeit -file $certdir/chain.Use Java's Keytool to create a CSR and install your SSL/TLS certificate on your Tomcat (or other Java-based) server $keytooldir/keytool -importkeystore -srcstorepass aaa -deststorepass changeit -destkeypass changeit -srckeystore $certdir/cert_and_key.p12 -srcstoretype PKCS12 -alias tomcat -keystore $keystoredir Openssl pkcs12 -export -in $certdir/fullchain.pem -inkey $certdir/privkey.pem -out $certdir/cert_and_key.p12 -name tomcat -CAfile $certdir/chain.pem -caname root -password pass:aaa $keytooldir/keytool -delete -alias tomcat -storepass changeit -keystore $keystoredir $keytooldir/keytool -delete -alias root -storepass changeit -keystore $keystoredir Iptables -D INPUT -p tcp -m tcp -dport 9999 -j ACCEPT Iptables -t nat -D PREROUTING -i $networkdevice -p tcp -m tcp -dport 80 -j REDIRECT -to-ports 9999 #./letsencrypt-auto certonly -standalone -d $mydomain -standalone-supported-challenges http-01 -http-01-port 9999 -renew-by-default -email $myemail -agree-tos letsencrypt-auto certonly -standalone -test-cert -d $mydomain -standalone-supported-challenges http-01 -http-01-port 9999 -renew-by-default -email $myemail -agree-tos Iptables -t nat -I PREROUTING -i $networkdevice -p tcp -m tcp -dport 80 -j REDIRECT -to-ports 9999 Iptables -I INPUT -p tcp -m tcp -dport 9999 -j ACCEPT Keystoredir=/home/jira/.keystore #located in home dir of user that you Tomcat is running under - just replace jira with your user you use for Tomcat, see ps -ef to get user name if you do not know Networkdevice=eth0 #your network device (run ifconfig to get the name) Mydomain= #put your domain name #your email Keytooldir=/opt/atlassian/jira/jre/bin/ #java keytool located in jre/bin #Please modify these values according to your environmentĬertdir=/etc/letsencrypt/live// #just replace the domain name after /live/ I have created a automated script to update the keystore, you can use it as inspiration or move to LE and use it as it is. I use Let's encrypt certificates (free, signed).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |