Difference between revisions of "OPEN SSL - Create pkcs12 clientAuth certificat keystore (SSO Token PopUp) from CertificationAuthority and configure Tomcat connector"
Line 3: | Line 3: | ||
- '''initialize new certificate''' | - '''initialize new certificate''' | ||
<syntaxhighlight lang="javascript"> openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr" | <syntaxhighlight lang="javascript"> openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr" </syntaxhighlight> | ||
<br/>- '''upload .csr on the CA''' Certification Authority website of your company | <br/>- '''upload .csr on the CA''' Certification Authority website of your company |
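Review bot: the syntaxhighlight block on Line 3 is tagged lang="javascript" although it contains an openssl shell command. Now that the closing </syntaxhighlight> tag is in place, change the tag to lang="bash" so the command is highlighted as shell and is not mistaken for script code.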
Revision as of 11:47, 16 May 2020
On the Linux server:
- initialize new certificate
openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"
- upload the .csr to your company's Certification Authority (CA) website
- download .crt from the CA
- upload .crt to your server
- generate keystore (the export password entered here must be the value set as keystorePass in server.xml below)
cat website.fr.key > server.pem
cat website.fr.crt >> server.pem
openssl pkcs12 -export -in server.pem -out keystore.p12
- check keystore
openssl pkcs12 -nokeys -info -in keystore.p12
- update tomcat connector
cd tomcat/conf/
vi server.xml
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="10xxx"
address="10.xxx.xxx.xx"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
keystorePass="changeit"
keystoreType="PKCS12"
clientAuth="true"
sslProtocol="TLS" />
- this is now working on https 🎉
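
An added example, not part of the original page: a POSIX shell version of the "generate keystore" and "check keystore" steps that refuses to build keystore.p12 when the certificate returned by the CA does not match website.fr.key, and that passes the keystore password through the environment instead of a prompt. The function names, the KEYSTORE_PASS variable and the self-signed sample certificate created in demo are assumptions made for the example.

```shell
# Added example (not from the original page). File names follow the page;
# KEYSTORE_PASS is an assumed, exported environment variable holding the
# same value that server.xml uses for keystorePass.

key_matches_cert() {   # $1 = private key (PEM), $2 = certificate (PEM)
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

build_keystore() {     # $1 = key, $2 = certificate, $3 = output .p12
    [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS is not set" >&2; return 2; }
    key_matches_cert "$1" "$2" || { echo "certificate does not match key" >&2; return 3; }
    (
        umask 077      # the keystore holds the private key: owner-only access
        # env: keeps the password out of the process list, unlike pass:
        openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
            -passout env:KEYSTORE_PASS
    ) || return 4
    # Same check as on the page, non-interactive: the keystore must open with
    # the password Tomcat will use and must contain a certificate.
    openssl pkcs12 -in "$3" -nokeys -passin env:KEYSTORE_PASS 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE' || return 5
}

# Constructed sample input: a throwaway self-signed certificate stands in for
# the .crt returned by the CA, and an unrelated key for the mismatch case.
demo() {
    d=$(mktemp -d) || return 1
    export KEYSTORE_PASS='constructed-sample-password'
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=website.fr" \
        -keyout "$d/website.fr.key" -out "$d/website.fr.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    ok=0;  build_keystore "$d/website.fr.key" "$d/website.fr.crt" "$d/keystore.p12" || ok=$?
    bad=0; build_keystore "$d/other.key" "$d/website.fr.crt" "$d/bad.p12" 2>/dev/null || bad=$?
    [ ! -e "$d/bad.p12" ] || bad=99   # a mismatched pair must leave no keystore
    rm -rf "$d"
    echo "matching=$ok mismatched=$bad"
}
```

With the real files, export KEYSTORE_PASS and call build_keystore website.fr.key website.fr.crt keystore.p12; a passphrase-protected key still prompts for its passphrase as usual.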