How to create an SSL connection, with special thanks to Marc Boegem
Generate a Private Key
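# Publicly trusted CAs require RSA keys of at least 2048 bits; 1024-bit keys
# are too weak and a CSR built from one will be rejected.
# -aes256 protects the key file with a passphrase using AES-256 instead of the
# legacy 3DES selected by -des3; openssl prompts for the passphrase.
openssl genrsa -aes256 -out server.key 2048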
Generate a CSR (Certificate Signing Request)
# Build the CSR from the existing private key. Only server.csr is sent to the
# CA; server.key must stay on this machine.
openssl req -new \
  -key server.key \
  -out server.csr
server.csr -- CSR
server.key -- private key
Send your CSR to the certification authority (CA)
Files returned from the CA:
server.crt – returned from CA
RapidSSL_TLS_RSA_CA_G1.crt – returned from CA
Generate a new PKCS#12 (.p12) bundle from your private key, the CA certificate (RapidSSL_TLS_RSA_CA_G1.crt) and the returned server.crt
# Bundle the private key, the server certificate and the CA certificate into
# one password-protected PKCS#12 file. openssl prompts for the export password.
# The -name value is the entry name used as -alias in the keytool step.
openssl pkcs12 -export \
  -inkey server.key \
  -in server.crt \
  -certfile RapidSSL_TLS_RSA_CA_G1.crt \
  -name server_name \
  -out server.p12
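Enter Export Password: pw_1234   (pw_1234 is only an example; choose a strong password of your own. It is needed again as the source keystore password in the next step.)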
Make a keystore from the p12 certificate
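# Convert the PKCS#12 bundle into a Java keystore (JKS) for Tomcat.
# The source-store password option is spelled -srcstorepass; with the
# misspelling -srcstrepass keytool rejects the command.
# pw_1234 is the example password from the export step. Passwords passed on
# the command line end up in shell history and the process list; leaving out
# the -*pass options makes keytool prompt for them instead.
keytool -importkeystore \
  -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass pw_1234 \
  -destkeystore server.jks -deststorepass pw_1234 -destkeypass pw_1234 \
  -alias server_name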
Copy server.jks to the conf folder in Tomcat. The keystore contains the private key, so make it readable only by the account Tomcat runs as.
In server.xml, configure the connectors:
<!-- Plain HTTP connector. redirectPort is the port Tomcat redirects to when a
     request requires transport security.
     NOTE(review): it is 443 here while the HTTPS connector below listens on
     8443; that only works if port 443 is forwarded to 8443 (firewall or
     proxy). Confirm, or set redirectPort="8443". -->
<Connector port="9094"
protocol="HTTP/1.1"
redirectPort="443"/>
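<!-- HTTPS connector.
     protocols: only TLSv1.2 is enabled. TLSv1 and TLSv1.1 are deprecated
     (RFC 8996) and SSLv2Hello is only needed by very old clients; the earlier
     value also contained an empty entry (",,").
     NOTE(review): depending on the Tomcat version the attribute that is
     honoured may be sslEnabledProtocols rather than protocols; confirm
     against the version in use and verify the result with a TLS scanner.
     ciphers: ECDHE suites only, AES-GCM first (the GCM names need Java 8 or
     later). The static-RSA suites (TLS_RSA_WITH_*) are left out because they
     give no forward secrecy; add them back only if a legacy client needs them.
     compression: compressing HTTPS responses that mix secrets with
     request-controlled data is exposed to BREACH-style attacks; consider
     compression="off" for such content.
     keystorePass: pw_1234 is the example password and is stored here in clear
     text, so keep server.xml and conf/server.jks readable by the Tomcat
     account only. -->
<Connector port="8443"
protocol="HTTP/1.1"
maxThreads="500" connectionTimeout="60000"
useBodyEncodingForURI="true"
compression="4096"
scheme="https"
secure="true"
SSLEnabled="true"
sslProtocol="TLS"
protocols="TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
keystoreFile="conf/server.jks"
keystorePass="pw_1234"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
/>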