Configuring Tomcat 5.5 for SSL using OpenSSL

转自：http://blogs.dfwikilabs.org/pigui/2007/12/10/configuring-tomcat-55-for-ssl-using-openssl/

 

This post explains step by step actions to enable SSL in Tomcat

1. Generate an RSA key for signing the certificate:

   openssl genrsa -out key.pem 2048

2. Generate a certificate using the new key:

   openssl req -new -x509 -key key.pem -out cert.pem -days 365

   Answer the quesstions with your name, organization name, e-mail, etc.

3. Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:

   openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name tomcat

   Enter a password, don’t leave it blank.

4. Edit $TOMCAT_HOME/conf/server.xml and modify the SSL connector:

       <Connector port="8443"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" disableUploadTimeout="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
            keystoreFile="conf/cert.p12" keystorePass="password"/>

   Remember to change password with the one typed at 3.

Note: DON’T use a self-signed certificate in a PRODUCTION SITE! Contact with a CA to sign your certificate.