Difference between revisions of "OPEN SSL - Create pkcs12 clientAuth certificat keystore (SSO Token PopUp) from CertificationAuthority and configure Tomcat connector"

From GUILLARD WIKI
Revision as of 11:47, 16 May 2020

On the Linux server:

- initialize new certificate (generate the private key and the certificate signing request)

 openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"


- upload the .csr to the website of your company's CA (Certification Authority)
- download the .crt from the CA
- upload the .crt to your server


- generate keystore (the export password you set at the prompt is the value Tomcat needs in keystorePass)

 cat website.fr.key > server.pem
 cat website.fr.crt >> server.pem
 openssl pkcs12 -export  -in server.pem -out keystore.p12

- check keystore

 openssl pkcs12 -nokeys -info -in keystore.p12

- update tomcat connector

 cd tomcat/conf/
 vi server.xml

 <Connector
   protocol="org.apache.coyote.http11.Http11NioProtocol"
   port="10xxx"
   address="10.xxx.xxx.xx"
   scheme="https"
   secure="true"
   SSLEnabled="true"
   keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
   keystorePass="changeit"
   keystoreType="PKCS12"
   clientAuth="true"
   sslProtocol="TLS" />


- the site is now working over HTTPS 🎉
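
The "generate keystore" and "check keystore" steps as one script, added here as an example and not part of the original page: it confirms that the certificate returned by the CA matches the private key before exporting, and passes the key with -inkey instead of the concatenated server.pem. The function names, the demo passwords and the self-signed stand-in certificate are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.
# Password arguments are OpenSSL pass phrase sources (pass:, env:, file:);
# outside a demo prefer env: or file: so secrets stay out of the process list.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {   # KEY CRT KEY_PASS_SOURCE
  local kpub cpub
  kpub=$(openssl pkey -in "$1" -passin "$3" -pubout 2>/dev/null) || return 2
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Refuses to export a mismatched pair; writes the keystore owner-readable only.
build_keystore() {     # KEY CRT OUT KEY_PASS_SOURCE P12_PASS_SOURCE
  key_matches_cert "$1" "$2" "$4" || { echo "key/cert mismatch" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passin "$4" -passout "$5" )
}

# Prints the subject of the certificate stored in the keystore.
keystore_subject() {   # P12 P12_PASS_SOURCE
  openssl pkcs12 -in "$1" -nokeys -passin "$2" 2>/dev/null | openssl x509 -noout -subject
}

# Constructed demo: a throwaway self-signed certificate stands in for the CA's .crt.
demo() {
  local d rc
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=website.fr" \
    -keyout "$d/website.fr.key" -passout pass:demo-key \
    -out "$d/website.fr.crt" 2>/dev/null &&
  build_keystore "$d/website.fr.key" "$d/website.fr.crt" "$d/keystore.p12" \
    pass:demo-key pass:demo-p12 &&
  keystore_subject "$d/keystore.p12" pass:demo-p12
  rc=$?
  rm -rf "$d"
  return "$rc"
}

demo
```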