
Configuring SSL on Tomcat 7 and the files and format required

@Alves908

Posted in: #Https #SecurityCertificate

There exists a lot of information on the web and on Stack Overflow regarding configuring SSL on Tomcat but it's still confusing and things have not worked for me. I have received two files from the certificate authority x.


Root certificate (crt format)
Actual certificate (crt format)
Type2 certificate (crt format)


Using OpenSSL the files have been converted to .pem format. The question is: what are the following property values?


SSLCertificateFile=? (is it actual certificate in .pem format)
SSLCACertificateFile=? (is it root certificate in .pem format)
SSLCertificateChainFile=?
Is it a grouping of all the certificates (read somewhere that you need to add all the files BEGIN - END BEGIN - END)?
If yes then what order?
SSLCertificateKeyFile=? (Now the most confusing part)
I know that it is a private key but how is it created? And from which crt files is it created?



Anyone who has been able to figure out what is what?


@Heady270

First see the Wikipedia article about certificate filename extensions. Your .crt files are likely already in PEM format. You should be able to tell because the contents should be like:

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
* lots of base64 encoded data *
B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSbq094NBxsauYcm0A6Jq
vA==
-----END CERTIFICATE-----


Sometimes your private key comes contained in your certificate file. You can edit the file and see if it contains a -----BEGIN ENCRYPTED PRIVATE KEY----- section. If so, you can copy it out into its own file. From the Tomcat documentation, it also looks like you could leave them in the same file and omit the SSLCertificateKeyFile configuration.

You do not put the actual contents of the PEM encoded files into the Tomcat configuration. Instead you put the file name where you store them on your system. Here is an example Tomcat configuration with values filled in for SSL. It ends up looking like this:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/my-certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/my-certificate.key
SSLCACertificateFile /etc/apache2/ssl/root.crt
SSLCertificateChainFile /etc/apache2/ssl/type-2.crt
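
The checks behind this answer, as an added example that is not part of the original post: the script builds a constructed throwaway root, intermediate and server certificate with OpenSSL, then reports which file is which, confirms that the private key belongs to the server certificate, and verifies the chain. The file names and "Demo" subjects are hypothetical; the key is generated together with the CSR before the CA issues anything, which is why it cannot be produced from the .crt files.

```shell
# Added example: the throwaway PKI is constructed for the demo; the
# root/inter/server file names and "Demo" subjects are hypothetical.
set -e

# A private key is generated first, with the CSR; none is derived from a .crt.
new_key_csr() {  # $1 = path prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_demo_pki() {  # $1 = directory to fill with root -> inter -> server
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_key_csr "$d/root" "Demo Root"
  new_key_csr "$d/inter" "Demo Intermediate"
  new_key_csr "$d/server" "www.example.test"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.crt" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/server.crt" 2>/dev/null
}

# Classify a PEM certificate: self-signed = root, CA:TRUE = intermediate.
cert_role() {
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if [ "$subj" = "$issr" ]; then echo root
  elif openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then echo intermediate
  else echo server
  fi
}

# True when the key file ($1) holds the private half of the cert's ($2) public key.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# True when server ($3) chains through intermediate ($2) to root ($1).
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d); trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_pki "$DEMO_DIR"
for n in root inter server; do echo "$n.crt -> $(cert_role "$DEMO_DIR/$n.crt")"; done
key_matches_cert "$DEMO_DIR/server.key" "$DEMO_DIR/server.crt" && echo "key matches server.crt"
chain_verifies "$DEMO_DIR/root.crt" "$DEMO_DIR/inter.crt" "$DEMO_DIR/server.crt" && echo "chain verifies"
```

Run against the files a CA actually sent, cert_role and key_matches_cert show which path belongs in SSLCertificateFile, SSLCertificateChainFile and SSLCACertificateFile, and whether the .key on hand is the one the certificate was issued for.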
