OpenSSL - Create PKCS12 clientAuth certificate keystore (SSO Token PopUp) from Certification Authority and configure Tomcat connector
On the Linux server:
- generate a new private key and certificate signing request (.csr)
openssl req -sha256 -nodes -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"
- upload the .csr to your company's Certification Authority (CA) website
- download .crt from the CA
- upload .crt to your server
- generate keystore
cat website.fr.key > server.pem
cat website.fr.crt >> server.pem
openssl pkcs12 -export -in server.pem -out keystore.p12
- check keystore
openssl pkcs12 -nokeys -info -in keystore.p12
- update the Tomcat connector
cd tomcat/conf/
vi server.xml
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="10xxx"
address="10.xxx.xxx.xx"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
keystorePass="changeit"
keystoreType="PKCS12"
clientAuth="true"
sslProtocol="TLS" />
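
The "generate keystore" and "check keystore" steps above, as an added example that is not part of the original page: it confirms that the certificate returned by the CA matches website.fr.key before building keystore.p12, then confirms the keystore holds that certificate. The function names and the KEYSTORE_PASS environment variable are assumptions, and the key and certificate are passed to openssl pkcs12 directly instead of through server.pem.

```shell
# Added example, not from the original page. File names follow the page;
# KEYSTORE_PASS (environment variable) and the function names are assumptions.

# Succeeds only if the certificate returned by the CA carries the public key
# of the private key the CSR was generated from.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# SHA-256 fingerprint of the certificate stored in a PKCS#12 file.
keystore_fingerprint() {  # usage: keystore_fingerprint P12
    openssl pkcs12 -in "$1" -nokeys -passin env:KEYSTORE_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Builds the keystore without the intermediate server.pem (one fewer clear-text
# copy of the key) and confirms it holds the expected certificate.
build_keystore() {  # usage: build_keystore KEY CRT P12
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    ( umask 077   # keystore readable by its owner only
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
          -passout env:KEYSTORE_PASS ) || return 1
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 1
    [ "$(keystore_fingerprint "$3")" = "$want" ]
}

# Constructed sample data: a throwaway self-signed certificate stands in for
# the one issued by the company CA, and a second key plays the wrong key.
make_sample() {  # usage: make_sample DIR
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=website.fr" -keyout "$1/website.fr.key" \
        -out "$1/website.fr.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}
```

With KEYSTORE_PASS exported, build_keystore website.fr.key website.fr.crt keystore.p12 returns non-zero and writes nothing if the CA issued the certificate for a different key.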