Difference between revisions of "OPEN SSL - Create pkcs12 clientAuth certificate keystore (SSO Token PopUp) from CertificationAuthority and configure Tomcat connector"
Revision as of 14:14, 11 May 2020
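On the Linux server:
- initialize a new certificate request (this generates the private key and the CSR; -nodes leaves the private key unencrypted, so keep website.fr.key readable only by its owner)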
openssl req -sha256 -nodes -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"
- upload the .csr to the website of your company's Certification Authority (CA)
- download the .crt from the CA
- upload the .crt to your server
- generate keystore
cat website.fr.key > server.pem
cat website.fr.crt >> server.pem
openssl pkcs12 -export -in server.pem -out keystore.p12
- check keystore
openssl pkcs12 -nokeys -info -in keystore.p12
- update the Tomcat connector (keystorePass must be the export password entered when the keystore was generated)
cd tomcat/conf/
vi server.xml
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="10xxx"
    address="10.xxx.xxx.xx"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
    keystorePass="changeit"
    keystoreType="PKCS12"
    clientAuth="true"
    sslProtocol="TLS" />
- this is now working on https 🎉
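
The "generate keystore" and "check keystore" steps as a non-interactive script, added here as an example and not part of the original page: it refuses to build the keystore unless the private key matches the certificate, writes the .p12 owner-only, and confirms it opens with the password that keystorePass must also use. The function names, the password file and the self-signed certificate standing in for the CA-issued .crt are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Names and paths are assumptions.

# Print the SHA-256 of the public key inside a private key ("key") or certificate ("crt").
pubkey_hash() {
  local pub
  case "$2" in
    key) pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
    crt) pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pub" ] || return 1                 # unreadable file or wrong file type
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# build_keystore KEY CRT OUT PASSFILE
# returns 0 = keystore written and readable, 1 = key/cert unusable or mismatched, 2 = export failed
build_keystore() {
  local kh ch
  kh=$(pubkey_hash "$1" key) || return 1
  ch=$(pubkey_hash "$2" crt) || return 1
  [ "$kh" = "$ch" ] || return 1
  # umask 077: the keystore contains the private key, so create it owner-only
  ( umask 077; openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
      -passout "file:$4" ) 2>/dev/null || return 2
  # Same check as "openssl pkcs12 -nokeys -info", without the password prompt
  openssl pkcs12 -in "$3" -nokeys -passin "file:$4" >/dev/null 2>&1 || return 2
}

# Constructed sample data: a self-signed certificate stands in for the .crt
# returned by the CA, plus an unrelated key to exercise the mismatch case.
make_sample() {
  local d; d=$(mktemp -d) || return 1
  openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1 -subj "/CN=website.fr" \
    -keyout "$d/website.fr.key" -out "$d/website.fr.crt" 2>/dev/null || return 1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/other.key" 2>/dev/null || return 1
  ( umask 077; printf '%s\n' 'constructed-demo-password' > "$d/pass.txt" )
  printf '%s\n' "$d"
}

d=$(make_sample) || exit 1
rc=0; build_keystore "$d/website.fr.key" "$d/website.fr.crt" "$d/keystore.p12" "$d/pass.txt" || rc=$?
echo "matching key:  rc=$rc"
rc=0; build_keystore "$d/other.key" "$d/website.fr.crt" "$d/bad.p12" "$d/pass.txt" || rc=$?
echo "unrelated key: rc=$rc"
rm -rf "$d"
```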