Create Certificate using OpenSSL for Tomcat
Ref:
Step 1 - Download and install OpenSSL
Step 2 - Add System environment variable
Step 3 - Internal CA
- Create dir for Certs
```
mkdir Server-CA
```
- Create dir for Certs
- Create dir for private key
- Create dir for CSR - Cert Signing Request
- Create dir for Keystores
```
mkdir Server-CA\newcerts
mkdir Server-CA\private
mkdir Server-CA\csr
mkdir Server-CA\keystores
```
- Create a file to keep track of serial number
```
echo 1000 > Server-CA\serial
```
- Create index.txt as Certificate database
```
rem "2>" redirects stderr to the file, so index.txt is created empty
echo 2>Server-CA\index.txt
```
- Create Certificate Authority
```
openssl req -config openssl.cnf -new -x509 -days 3650 -extensions v3_ca -keyout Server-CA\private\cakey.pem -out Server-CA\cacert.pem
```
- Create a Private Key and CSR
```
openssl req -config openssl.cnf -new -nodes -out Server-CA\csr\localhost-req.pem -keyout Server-CA\private\localhost-key.pem
```
- Sign as CA
```
openssl ca -config openssl.cnf -days 730 -out Server-CA\newcerts\localhost-cert.pem -infiles Server-CA\csr\localhost-req.pem
```
- Install the Cert and Edit Server.xml
Copy and paste the Certs to C:\Program Files\Apache Software Foundation\Tomcat 10.1\conf
```
openssl ca -policy policy_anything -config openssl.cnf -days 730 -out Server-CA\newcerts\localhost2-cert.pem -infiles Server-CA\csr\localhost2-req.pem
```
```
keytool -import -alias ca -keystore Server-CA\keystores\localhost2.jks -trustcacerts -file Server-CA\cacert.pem
```
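The `openssl req` and `openssl ca` commands above all read an `openssl.cnf` that the post does not show. The fragment below is an added example, not the author's file: it assumes the `Server-CA` layout created in Step 3, and the `server_cert` section name with its `DNS:localhost` entry is an assumption introduced here.

```ini
# Constructed example: the openssl.cnf sections the commands above rely on.
[ ca ]
default_ca      = CA_default

[ CA_default ]
dir             = ./Server-CA            # directory tree created in Step 3
database        = $dir/index.txt         # certificate database
serial          = $dir/serial            # next serial number (seeded with 1000)
new_certs_dir   = $dir/newcerts          # copy of every issued certificate
certificate     = $dir/cacert.pem        # CA certificate
private_key     = $dir/private/cakey.pem # CA private key
default_md      = sha256
policy          = policy_match           # used when -policy is not given
x509_extensions = server_cert            # assumed name: extensions for issued certs

[ policy_match ]                         # CSR must match the CA in these fields
countryName             = match
stateOrProvinceName     = match
organizationName        = match
commonName              = supplied

[ policy_anything ]                      # selected by "-policy policy_anything"
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
commonName              = supplied

[ req ]
default_bits            = 2048
default_md              = sha256
distinguished_name      = req_distinguished_name

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
stateOrProvinceName     = State or Province Name
organizationName        = Organization Name
commonName              = Common Name (e.g. localhost)

[ v3_ca ]                                # selected by "-extensions v3_ca"
basicConstraints        = critical, CA:true
keyUsage                = critical, keyCertSign, cRLSign
subjectKeyIdentifier    = hash

[ server_cert ]                          # issued certs cannot act as a CA
basicConstraints        = CA:FALSE
keyUsage                = critical, digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth
subjectAltName          = DNS:localhost  # assumed hostname; clients match on SAN
```

The stock `openssl.cnf` sets `dir = ./demoCA`, so `openssl ca` will not find `index.txt` or `serial` under `Server-CA` until `dir` is changed as shown.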
This post is licensed under CC BY 4.0 by the author.