1) Generate a private key
openssl genrsa -des3 -out es.key 2048
2) Generate a CSR
openssl req -new -key es.key -out es.csr
3) Generate a self-signed certificate
openssl x509 -req -days 3650 -in es.csr -signkey es.key -out es.crt
2, Import the SSL Ceritificate into PKCS#12 keystore:
openssl pkcs12 -export -in es.crt -inkey es.key -out es.p12 -name es_tomcat
3, list privatekeyentry
keytool -list -v -keystore es.p12 -storetype pkcs12
4,Import CA/cacert.crt into the Java cacerts, so that the tomcat install can talk to itself if needed.
keytool -import -keystore es.keystore -file es.crt
5, Covert the PKCS#12 keystore to JKS keystore
keytool -importkeystore -srckeystore es.p12 -destkeystore es.jks -srcstoretype pkcs12
keytool -list -v -keystore es.jks
6 update server.xml
vim /opt/tomcat/conf/server.xml
cat /dev/null > /opt/tomcat/logs/catalina.out
/etc/init.d/tomcat stop
cat /dev/null > /opt/tomcat/logs/catalina.out
/etc/init.d/tomcat start
less /opt/tomcat/logs/catalina.out
No comments:
Post a Comment