Friday, May 3, 2013

SSL Certificate Integration with Tomcat

Objective:
Let's assume our domain is example.com.bd.
When a user requests http://example.com.bd, the request is automatically redirected to https://example.com.bd

Tested Environment:
OS: RHEL5.4 2.6.18-164.el5PAE
Tomcat: Version jakarta-tomcat-4.1.20 - jakarta-tomcat-4.1.24
Supported Command: keytool

Work Steps:
1. CSR (Certificate Signing Request) & Keystore file Generation
2. Certificate Installation
3. Tomcat Configuration
4. Restart Tomcat Web Service


1. CSR (Certificate Signing Request) & Keystore file Generation
#cd /cert
#keytool -genkey -keyalg RSA -keysize 2048 -keystore /cert/example.com.bd.keystore
Enter keystore password: 123987

You will be prompted with some questions regarding your domain. You can use to get your domain details


What is your first and last name?
[Unknown]: example.com.bd
What is the name of your organizational unit?
[Unknown]: IT/Technology
What is the name of your organization?
[Unknown]: Example Holdings Pvt. Ltd.
What is the name of your City or Locality?
[Unknown]: 1, South Gulshan Avenue
What is the name of your State or Province?
[Unknown]: Dhaka
What is the two-letter country code for this unit?
[Unknown]: BD
Is CN=example.com.bd, OU=IT/Technology, O=Example Holdings Pvt. Ltd., 1, South Gulshan Avenue, ST=Dhaka, C=BD correct?
[no]: yes

Enter key password for
(RETURN if same as keystore password): 123987

#keytool -certreq -keyalg RSA -file /cert/example.com.bd.csr -keystore /cert/example.com.bd.keystore
Enter keystore password: 123987


2. Certificate Installation

There are different SSL certificate issuers, e.g. VeriSign, COMODO, etc.
You will receive the following certificates based on your CSR file:

AddTrustExternalCARoot.crt
UTNAddTrustServerCA.crt or e.g. COMODOHigh-AssuranceSecureServerCA.crt or www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign.crt
example_com_bd.crt

Execute the following commands from the directory where the existing CSR and keystore files are located:
#cd /cert
#keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore example.com.bd.keystore

#keytool -import -trustcacerts -alias UTNAddTrust -file UTNAddTrustServerCA.crt -keystore example.com.bd.keystore


OR

#keytool -import -trustcacerts -alias COMODOHigh-AssuranceSecureServerCA -file COMODOHigh-AssuranceSecureServerCA.crt -keystore example.com.bd.keystore

#keytool -import -trustcacerts -alias example.com.bd -file example_com_bd.crt -keystore example.com.bd.keystore

#keytool -import -trustcacerts -file example_com_bd.crt -keystore example.com.bd.keystore
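
Because the key pair above was generated without -alias, it sits under keytool's default alias mykey; a signed certificate imported under any other alias is stored as a trusted certificate, and the key entry keeps its self-signed certificate. The following added example (not part of the original post) parses `keytool -list -v` output to confirm that the key entry carries the CA chain. The two listings are constructed samples and the function names are hypothetical.

```shell
# Added example: check `keytool -list -v` output after the imports. Real use:
#   keytool -list -v -keystore /cert/example.com.bd.keystore | key_entry_has_chain

# Print one line per keystore entry: alias|entry type|chain length
summarize_keystore() {
    awk '
        /^Alias name:/ {
            if (alias != "") print alias "|" type "|" len
            alias = $0; sub(/^Alias name: */, "", alias); type = "?"; len = 0
        }
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { len = $4 }
        END { if (alias != "") print alias "|" type "|" len }
    '
}

# Succeed only if a private-key entry holds the server certificate plus at
# least one CA certificate. Older JDKs label the entry "keyEntry".
key_entry_has_chain() {
    summarize_keystore | awk -F'|' '
        ($2 == "PrivateKeyEntry" || $2 == "keyEntry") && $3 >= 2 { ok = 1 }
        END { exit !ok }
    '
}

# Constructed sample: CA reply installed on the key entry (chain of 3).
good_listing() { cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 3
Alias name: addtrustexternalcaroot
Entry type: trustedCertEntry
EOF
}

# Constructed sample: signed certificate stored under a new alias only,
# so mykey still holds just its self-signed certificate.
bad_listing() { cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: example.com.bd
Entry type: trustedCertEntry
EOF
}

for sample in good_listing bad_listing; do
    "$sample" | key_entry_has_chain && echo "$sample: ok" || echo "$sample: no CA chain on key entry"
done
```

A keystore that fails this check makes Tomcat serve the self-signed certificate, which clients will reject even though the CA-issued certificate is present in the file.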



3. Tomcat Configuration
Edit your Tomcat configuration file:
#vim $TOMCAT_HOME/conf/server.xml


4. Restart Tomcat

**Gratitude to
