
How to add an SSL certificate (.crt) on a Tomcat server

Check the Tomcat version

#./version.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat6.0
Using CATALINA_HOME:   /usr/local/apache-tomcat6.0
Using CATALINA_TMPDIR: /usr/local/apache-tomcat6.0/temp
Using JRE_HOME:       /usr/local/jdk1.6.0
Server version: Apache Tomcat/6.0.18
Server built:   Jul 22 2008 02:00:36
Server number:  6.0.18.0
OS Name:        FreeBSD
OS Version:     7.2-RELEASE
Architecture:   i386
JVM Version:    1.6.0_03-p4-yamaha_11_jul_2009_13_09-b00
JVM Vendor:     Sun Microsystems Inc.

Generate a Key Pair and a Certificate Signing Request (CSR)

#keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

#keytool -certreq -keyalg RSA -alias tomcat -file <your file name>.csr -keystore tomcat.keystore

Download valicert_class2_root.crt:

https://certs.godaddy.com/anonymous/repository.seam;jsessionid=FFsaB0VCh4uykddhEW8H0A__.s2p02jb?streamfilename=valicert_class2_root.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile%28%27%27%29&cid=359875

Installing Root and Intermediate Certificates

#keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt

#keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt

#keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

Installing SSL Certificate

#keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file prigad.com.crt

Updating the server.xml Configuration File

#vi /usr/local/apache-tomcat6.0/conf/server.xml

<Connector port="9700" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/home/kutukupret/ssl_2017/tomcat.keystore"
           keystorePass="passwordnya"
           clientAuth="false" sslProtocol="TLS" />

Restart Tomcat

#cd /usr/local/apache-tomcat6.0/bin/

#./shutdown.sh

#./startup.sh

 

Add an SSL certificate in Tomcat 6

Yesterday I added a new SSL certificate for my server. These are the step-by-step instructions for setting it up.

Generating a Certificate Signing Request (CSR) – Tomcat 4.x/5.x/6.x

To Generate the Key Pair

  1. Enter the following command:
    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
  2. You will be prompted for a password. Tomcat uses the default password changeit.
  3. Enter Distinguished Name (DN) information:
    • First and last name – This is the Common Name: The common name is the fully-qualified domain name (FQDN), Host name, or URL – to which you plan to apply your certificate. Do not enter your personal name in this field.

      NOTE: If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.coolexample.com" or "www*.coolexample.com"). This will secure all subdomains of the Common Name.

    • Organizational unit – Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
    • Organization – The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in the Organization field, and the DBA (doing business as) name in the Organizational Unit field.
    • City/Locality – Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
    • State/Province – Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
    • Country code – The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  4. Confirm that the Distinguished Name information is correct.

To Generate a CSR

  1. Enter the following command:
    keytool -certreq -keyalg RSA -alias tomcat -file <your file name>.csr -keystore tomcat.keystore
    
  2. Enter the keystore password:
    • If the password is correct then the CSR is created.
    • If the password is incorrect then a password error is displayed.
  3. Cut/copy and paste the generated CSR into our online enrollment form.
  4. Select Tomcat as your server software.

And then we should do this:

Installation Option One: Install the SSL Certificate and CA Bundle (gd_bundle.crt) Implementing a PKCS12 Keystore

Before you install your SSL certificate you must download our root certificate bundle (gd_bundle.crt) on your Web server. You may download the bundle from the repository.

Use the following OpenSSL command to combine the ca bundle gd_bundle.crt and your SSL certificate:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following Factory tag section and COMMENT IT OUT:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the following directives to the Connector tag:
    keystoreFile=<path to>keystore.tomcat
    
    keystorePass="changeit"
    
    keystoreType="PKCS12"
  4. Restart Tomcat.

Installation Option Two: Install the SSL Certificate and Intermediate Certificate Separately

Installing Root and Intermediate Certificates

Once you have downloaded the certificates to your local machine, please use the following keytool commands to import them:

Root:

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt

First intermediate (gd_cross_intermediate.crt):

keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt

Second intermediate (gd_intermediate.crt):

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

Installing SSL Certificate

Use the following command to import the issued certificate into your keystore.

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of your certificate>

Updating the server.xml Configuration File

When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct keystore file:

  1. Open the server.xml file.
  2. After uncommenting the SSL/TLS connector from server.xml, locate the following text section:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" />
  3. Add the "keystoreFile" and "keystorePass" directives:
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="/full/path/to/tomcat.keystore" keystorePass="changeit" />
  4. Restart Tomcat.
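
An added check, not part of the original post or the GoDaddy instructions, for the Connector attributes set in both installation options above: it flags the default keystorePass, a keystoreType that does not match the file's real container (Option One produces PKCS12, Option Two a keytool JKS file, and Tomcat assumes JKS when keystoreType is absent), and a keystore file readable by other users. The function names, the sample server.xml and the keystore stubs are constructed for illustration.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

def keystore_format(path):
    """Identify the keystore container from its leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == b"\xfe\xed\xfe\xed":
        return "JKS"        # keytool's default container (Option Two)
    # PKCS12 is DER, so it starts with a SEQUENCE tag (Option One)
    return "PKCS12" if head[:1] == b"\x30" else "UNKNOWN"

def audit_connectors(server_xml):
    """Return {port: [findings]} for each SSL-enabled Connector in server.xml text."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue        # plain HTTP/AJP connector
        findings = []
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append("scheme/secure not https/true")
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append("default keystorePass")
        path = conn.get("keystoreFile")
        if path is None or not os.path.isfile(path):
            findings.append("keystoreFile not found")
        else:
            if keystore_format(path) != conn.get("keystoreType", "JKS").upper():
                findings.append("keystoreType mismatch")
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append("keystore readable by group/other")
        report[conn.get("port")] = findings
    return report

def demo():
    """Audit a constructed config against two constructed keystore stubs."""
    tmp = tempfile.mkdtemp()
    jks, p12 = os.path.join(tmp, "tomcat.keystore"), os.path.join(tmp, "keystore.tomcat")
    for path, head, mode in ((jks, b"\xfe\xed\xfe\xed", 0o600), (p12, b"\x30\x82", 0o644)):
        with open(path, "wb") as fh:
            fh.write(head)
        os.chmod(path, mode)
    return audit_connectors(f'''<Server><Service name="Catalina">
      <Connector port="9700" scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="{jks}" keystorePass="passwordnya"/>
      <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="{p12}" keystorePass="changeit"/>
    </Service></Server>''')

if __name__ == "__main__": print(demo())
```

To audit a real installation, pass the contents of conf/server.xml to audit_connectors() on the Tomcat host so the keystoreFile paths resolve.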

Sources:

http://help.godaddy.com/article/5239

http://help.godaddy.com/topic/742/article/5239