SSL
Generate a Self Signed Certificate
The following command creates a .keystore file in your home directory if one does not already exist. The .keystore file holds one or more certificates, each identified by its alias. The key is generated as RSA because TLS 1.3 and current browsers do not accept DSA certificates.
- SITE_DOMAIN - domain the certificate is to be used on, e.g. www.tilion.org.uk
- ALIAS - name that identifies the certificate within the keystore
keytool -genkey -storepass password -keyalg RSA -keysize 2048 -alias ALIAS -validity 999
What is your first and last name?
[Unknown]: SITE_DOMAIN
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=SITE_DOMAIN, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for <ALIAS>
(RETURN if same as keystore password):
Updating Tomcat
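In your Tomcat configuration, update the Connector entries within server.xml, paying particular attention to keystoreFile, keyAlias and keystorePass, which must match the keystore, alias and password used when generating the certificate.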
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="PATH_TO_KEYSTORE_FILE"
keyAlias="ALIAS" keystorePass="password" />
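A quick audit of the connector settings above, as an added example that is not part of the original page: it parses a server.xml and reports placeholders left unfilled, a missing or well-known keystorePass, and a redirectPort that does not point at an https connector. The function name, the sample XML and the list of weak passwords are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from this page, placeholders left unfilled.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" maxHttpHeaderSize="8192" enableLookups="false"
             redirectPort="8443" acceptCount="100" connectionTimeout="20000" />
  <Connector port="8443" maxHttpHeaderSize="8192" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="PATH_TO_KEYSTORE_FILE"
             keyAlias="ALIAS" keystorePass="password" />
</Service></Server>"""

PLACEHOLDERS = {"PATH_TO_KEYSTORE_FILE", "ALIAS"}
# "changeit" is what Tomcat assumes when keystorePass is omitted (assumed list).
WEAK_PASSWORDS = {"password", "changeit", ""}


def audit_connectors(server_xml):
    """Return a list of findings for the Connector elements in server_xml."""
    findings = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    # Ports that actually terminate TLS: scheme="https" and secure="true".
    tls_ports = {c.get("port") for c in connectors
                 if c.get("scheme") == "https" and c.get("secure") == "true"}
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            for attr in ("keystoreFile", "keyAlias"):
                value = c.get(attr)
                if value in PLACEHOLDERS:
                    findings.append(f"{port}: {attr} still holds placeholder {value}")
            if (c.get("keystorePass") or "") in WEAK_PASSWORDS:
                findings.append(f"{port}: keystorePass is missing or a well-known value")
        else:
            # A plain connector should redirect only to a port that serves https.
            redirect = c.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append(f"{port}: redirectPort {redirect} is not an https connector")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

The keystorePass value sits in clear text in server.xml, so the file's permissions matter as much as the password itself.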