how to install ssl on tomcat 7?



I know this question might sound too easy and I should have read all the docs available on the internet; the truth is that I did, and I had no luck. It's kinda confusing for me: I have installed this thing many times, but for Apache, never for Tomcat.



I want to install a certificate from GoDaddy, so I followed these instructions:



http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x



I created my keyfile like this



keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore


I changed tomcat to mydomain.com. Is it wrong?



I created the keystore, then the CSR; after that the problem comes. I added this to server.xml in the config folder:



<Connector port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="path to your keystore file" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>


Later I imported the certs



keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt


and I did, but I don't have a gd_intermediate.crt, and the last step is



keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of your certificate>


Reading other blogs I saw they import the crt here, but is tomcat the user I have to leave, or is it only an example?



In the docs of tomcat I found this
(http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html)




Download a Chain Certificate from the Certificate Authority you obtained the Certificate
keytool -import -alias root -keystore -trustcacerts -file

And finally import your new Certificate
keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>



but I have no idea what a "chain certificate" is... Can somebody help me? I am really confused and lost. I am using Tomcat 7.



Thanks.










Tags: ssl, tomcat, tomcat7, keytool






edited Aug 23 '13 at 9:59 by Valerio Minetti

asked Feb 27 '13 at 18:11 by user156355





I know this is more like a workaround, but as you have experience with setting up SSL on Apache, you could consider serving your Tomcat webapp through Apache (as a reverse proxy), and Apache should be able to encrypt at that level.

– Psymøn
Sep 8 '18 at 1:48





2 Answers

I spent hours trying to figure this out and here are the fruits of my labor.



Problem



You are unable to create a valid Tomcat Keystore using a GoDaddy crt and key file



Curl output may look like this:



curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Getting the Script



curl -O https://raw.github.com/ssstonebraker/braker-scripts/master/working-scripts/crt_to_keystore.sh
chmod +x crt_to_keystore.sh


Using the script



./crt_to_keystore.sh <path_to_crt> <path_to_key>


RAW Contents of Script



#!/bin/bash
# Filename: crt_to_keystore.sh
# Description: create tomcat keystore from cert and key
# Usage: "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>"
# Author: Steve Stonebraker
# pretty printing functions
function print_status { echo -e "\x1B[01;34m[*]\x1B[0m $1"; }
function print_good { echo -e "\x1B[01;32m[*]\x1B[0m $1"; }
function print_error { echo -e "\x1B[01;31m[*]\x1B[0m $1"; }
function print_notification { echo -e "\x1B[01;33m[*]\x1B[0m $1"; }
function printline {
    hr=-------------------------------------------------------------------------------------------------------------------------------
    printf '%s\n' "${hr:0:${COLUMNS:-$(tput cols)}}"
}
####################################
# print message and exit program
function die { print_error "$1" >&2; exit 1; }
####################################
# function that is called when the script exits: shred the temporary
# PKCS12 file, which contains the private key
function finish {
    [ -f "$(dirname "$0")/temp.p12" ] && shred -u "$(dirname "$0")/temp.p12";
}

# whenever the script exits call the function "finish"
trap finish EXIT
#######################################
# if file exists move it aside
function move_file_if_exist {
    [ -e "$1" ] && mv "$1" "$1.old" && print_status "moved file $1 to $1.old";
}
#######################################
# Verify user provided valid file
function file_must_exist {
    [ ! -f "$1" ] && die "$1 is not a valid file, please provide a valid file name! Exiting....";
    print_status "$1 is a valid file"
}
#######################################
# Verify user provided two arguments
[ $# -ne 2 ] && die "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>";

# Assign user's provided input to variables
crt=$1
key=$2
#read -p "Provide password to export .crt and .key: " key_pw
read -p "Provide password for new keystore: " pw

# Define some Variables
readonly ourPath="$(dirname "$0")"
readonly gdbundle="$ourPath/gd_bundle.crt"
readonly keystore="$ourPath/tomcat.keystore"
readonly p12="$ourPath/temp.p12"
readonly KEYTOOL=$(which keytool)
readonly OPENSSL=$(which openssl)

#######################################
# Functions used by main execution
function gd_check_cert {
    # Verify gd_bundle.crt exists; if not, fetch it from GoDaddy's repository
    # into the expected path (the file name, not the full path, goes in the URL)
    [ ! -f "$1" ] && print_error "$1 not found! Downloading..." && wget -O "$1" "https://certs.godaddy.com/repository/$(basename "$1")";
    [ ! -f "$1" ] && die "$1 must exist in current path! Exiting....";
    [ -f "$1" ] && print_status "found $1 in current path"
}

function verify_before_execution {
    printline
    # verify godaddy cert
    gd_check_cert "${gdbundle}"

    # Check to make sure the user provided valid files
    file_must_exist "${crt}"
    file_must_exist "${key}"

    move_file_if_exist "${keystore}"
}

function import_godaddy_root {
    print_status "Importing gd_bundle.crt to java key store..."

    ${KEYTOOL} -import \
        -alias root \
        -keystore "${keystore}" \
        -trustcacerts \
        -file "${gdbundle}" \
        -keypass "${pw}" \
        -storepass "${pw}" >/dev/null 2>/dev/null
    [ ! $? -eq 0 ] && die "Error running command... Exiting!";
}

function export_to_p12 {
    printline
    print_status "Exporting your key and cert to pkcs12 format..."
    # -chain packs the intermediate/root certs from the bundle into the PKCS12
    # file alongside the server cert and key
    ${OPENSSL} pkcs12 -export -chain -CAfile "${gdbundle}" -inkey "${key}" -in "${crt}" -out "${p12}" -password "pass:${pw}"
    [ ! $? -eq 0 ] && die "Error running command... Exiting!";
}

function import_p12_file {
    print_status "Importing p12 file to java key store..."
    ${KEYTOOL} -importkeystore \
        -srcalias 1 \
        -destalias tomcat \
        -srckeystore "${p12}" \
        -srcstoretype PKCS12 \
        -srcstorepass "${pw}" \
        -destkeystore "${keystore}" \
        -keypass "${pw}" \
        -storepass "${pw}" \
        -deststorepass "${pw}" >/dev/null 2>/dev/null
    [ ! $? -eq 0 ] && die "Error running command... Exiting!";
}

function print_msg_after_creation {
    printline
    print_good "Keystore ${keystore} creation complete!"
    printline
    print_status "Don't forget to copy ${keystore} to /etc/tomcat7/tomcat.keystore and update server.xml"
    printline
}

#######################################
# Main Execution
verify_before_execution
export_to_p12
import_godaddy_root
import_p12_file
print_msg_after_creation


Source: http://brakertech.com/convert-valid-godaddy-cert-key-to-java-keystore/






I'll try to clarify the signing procedure a bit:

• Key generation: you create a private key
• CSR generation: with your private key you create a request to a Certification Authority that contains a cert to be signed
• CA signature: the CA signs your certificate and sends it back to you (it now has inside your fingerprint and the CA's one).
• cert import: import the signed cert in the keystore, thus making it available to Tomcat
• chain-cert import: import the certs that define the trust chain

A CA can delegate signing, so in order to be sure that a signed cert is valid, clients should be able to check every CA's identity (i.e. your cert is signed by ca.contoso and contoso uses verisign as cert authority; the client will check contoso and then verisign, and if all are OK your cert is considered valid).
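To make the "chain certificate" the question asks about concrete, and to show the signing and import steps this answer lists actually running, here is an added example; it is not code from the question, from either answer, from GoDaddy or from the Tomcat project. It assumes openssl on PATH; keytool is optional and the keystore step is skipped when it is missing. The CA names, the hostname www.example.test, the alias tomcat, the password changeit and the temporary directory are all constructed for the demo. The script builds a root > intermediate > server PKI, shows that the server certificate fails to verify when a client trusts only the root and passes once the intermediate (the chain certificate, what gd_bundle.crt is for GoDaddy) is supplied, and then performs the import order from the Tomcat SSL HOW-TO: root, chain certificate, and finally the certificate reply under the same alias as the key pair.

```shell
#!/bin/sh
# Added example, not code from the question, either answer, GoDaddy or Tomcat.
# Builds a throwaway root -> intermediate -> server PKI with openssl, shows
# that the server certificate verifies only when the intermediate (the "chain
# certificate", GoDaddy's gd_bundle.crt) is supplied, then, if keytool is on
# PATH, performs the Tomcat HOW-TO import order into a keystore. Every name,
# password and path below is constructed for the demo.
set -eu

# Sign CSR $1 with extension file $2 using CA cert $3 and CA key $4, writing $5.
sign_csr() {
    openssl x509 -req -days 30 -in "$1" -extfile "$2" -CA "$3" -CAkey "$4" \
        -CAcreateserial -out "$5" >/dev/null 2>&1
}

# Create the demo PKI (root CA, intermediate CA, server cert for the
# constructed host www.example.test) under directory $1.
make_demo_pki() {
    d=$1; mkdir -p "$d"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\nextendedKeyUsage=serverAuth\n' >"$d/server.ext"
    # root CA: self-signed
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -out "$d/root.crt" >/dev/null 2>&1
    # intermediate CA: signed by the root, itself allowed to sign
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null
    sign_csr "$d/inter.csr" "$d/ca.ext" "$d/root.crt" "$d/root.key" "$d/inter.crt"
    # server cert: signed by the intermediate, which is what a public CA does
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    sign_csr "$d/server.csr" "$d/server.ext" "$d/inter.crt" "$d/inter.key" "$d/server.crt"
    # the chain certificate: every CA cert between the server cert and the root
    cp "$d/inter.crt" "$d/chain.crt"
}

# Verify the server cert as a client would. $2 = root_only trusts just the
# root (the curl "certificate verify failed" situation); $2 = with_chain also
# supplies the chain certificate. Returns 0 on success, 1 on failure.
verify_leaf() {
    d=$1
    if [ "$2" = with_chain ]; then
        openssl verify -CAfile "$d/root.crt" -untrusted "$d/chain.crt" "$d/server.crt" >/dev/null 2>&1 && return 0
    else
        openssl verify -CAfile "$d/root.crt" "$d/server.crt" >/dev/null 2>&1 && return 0
    fi
    return 1
}

# Tomcat HOW-TO order with keytool (assumed on PATH): key pair and CSR in the
# keystore, CSR signed by the intermediate, then import root, chain cert, and
# last the certificate reply under the SAME alias as the key pair. The alias
# itself is free to choose (tomcat here) but must be identical in all three
# keytool calls and match keyAlias in server.xml if that attribute is set.
# Prints the chain length keytool reports for the entry: 3 when it worked.
build_keystore() {
    d=$1; ks=$d/tomcat.keystore; pw=changeit   # constructed demo password
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -dname "CN=www.example.test" \
        -keystore "$ks" -storepass "$pw" -keypass "$pw" >/dev/null 2>&1
    keytool -certreq -alias tomcat -keystore "$ks" -storepass "$pw" -file "$d/tomcat.csr" >/dev/null 2>&1
    sign_csr "$d/tomcat.csr" "$d/server.ext" "$d/inter.crt" "$d/inter.key" "$d/tomcat.crt"
    keytool -importcert -alias root -file "$d/root.crt" -keystore "$ks" -storepass "$pw" -noprompt >/dev/null 2>&1
    keytool -importcert -alias intermediate -file "$d/chain.crt" -keystore "$ks" -storepass "$pw" -noprompt >/dev/null 2>&1
    keytool -importcert -alias tomcat -file "$d/tomcat.crt" -keystore "$ks" -storepass "$pw" -keypass "$pw" -noprompt >/dev/null 2>&1
    keytool -list -v -alias tomcat -keystore "$ks" -storepass "$pw" | sed -n 's/^Certificate chain length: //p'
}

# Stand-alone run: build everything in a temporary directory and report.
demo=$(mktemp -d)
make_demo_pki "$demo"
if verify_leaf "$demo" root_only; then echo "root only: verified (unexpected)"; else echo "root only: FAILED, intermediate missing"; fi
if verify_leaf "$demo" with_chain; then echo "with chain: verified"; fi
if command -v keytool >/dev/null 2>&1; then
    echo "keystore chain length for alias tomcat: $(build_keystore "$demo")"
else
    echo "keytool not on PATH, keystore step skipped (files in $demo)"
fi
```

Run it with sh; everything it writes stays in the temporary directory it prints. The reason the reply must be imported under the alias used for -genkeypair is that keytool then attaches the whole chain to the private-key entry (chain length 3), and that chain is what Tomcat sends to clients; importing the signed certificate under a different alias only adds a trusted-cert entry, the key entry keeps its self-signed certificate, and the connector keeps serving that.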






    share|improve this answer


























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "2"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f483130%2fhow-to-install-ssl-on-tomcat-7%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      I spend hours trying to figure this out and here are the fruits of my labor



      Problem



      You are unable to create a valid Tomcat Keystore using a GoDaddy crt and key file



      Curl output may look like this:



      curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
      error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


      Getting the Script



      curl -O https://raw.github.com/ssstonebraker/braker-scripts/master/working-scripts/crt_to_keystore.sh
      chmod +x crt_to_keystore.sh


      Using the script



      ./crt_to_keystore.sh <path_to_crt> <path_to_key>


      RAW Contents of Script



      #!/bin/bash
      # Filename: crt_to_keystore.sh
      # Description: create tomcat keystore from cert and key
      # Usage: "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>"
      # Author: Steve Stonebraker
      # pretty printing functions
      function print_status { echo -e "x1B[01;34m[*]x1B[0m $1"; }
      function print_good { echo -e "x1B[01;32m[*]x1B[0m $1"; }
      function print_error { echo -e "x1B[01;31m[*]x1B[0m $1"; }
      function print_notification { echo -e "x1B[01;33m[*]x1B[0m $1"; }
      function printline { hr=-------------------------------------------------------------------------------------------------------------------------------
      printf '%sn' "${hr:0:${COLUMNS:-$(tput cols)}}"
      }
      ####################################
      # print message and exit program
      function die { print_error "$1" >&2;exit 1; }
      ####################################
      # function that is called when the script exits
      function finish {
      [ -f $(dirname $0)/temp.p12 ] && shred -u $(dirname $0)/temp.p12;
      }

      #whenver the script exits call the function "finish"
      trap finish EXIT
      #######################################
      # if file exists remove it
      function move_file_if_exist {
      [ -e $1 ] && mv $1 $1.old && print_status "moved file $1 to $1.old";
      }
      #######################################
      # Verify user provided valid file
      function file_must_exist {
      [ ! -f $1 ] && die "$1 is not a valid file, please provide a valid file name! Exiting....";
      print_status "$1 is a valid file"
      }
      #######################################
      # Verify user provided two arguments
      # Verify user provided two arguments
      [ $# -ne 2 ] && die "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>";

      # Assign user's provided input to variables
      crt=$1
      key=$2
      #read -p "Provide password to export .crt and .key: " key_pw
      read -p "Provide password for new keystore: " pw

      # Define some Variables
      readonly ourPath="$(dirname $0)"
      readonly gdbundle="$ourPath/gd_bundle.crt"
      readonly keystore="$ourPath/tomcat.keystore"
      readonly p12="$ourPath/temp.p12"
      readonly KEYTOOL=$(which keytool)
      readonly OPENSSL=$(which openssl)

      #######################################
      # Functions used by main execution
      function gd_check_cert {
      # Verify gd_bundle.crt exists
      [ ! -f "$1" ] && print_error "$1 not found! Downloading..." && wget https://certs.godaddy.com/repository/$1;
      [ ! -f "$1" ] && die "$1 must exist in current path! Exiting....";
      [ -f "$1" ] && print_status "found $1 in current path"
      }

      function verify_before_execution {
      printline
      #verify godaddy cert
      gd_check_cert $gdbundle

      #Check to make sure the user provided valid files

      file_must_exist ${crt}
      file_must_exist ${key}

      move_file_if_exist ${keystore}
      }

      function import_godaddy_root {
      print_status "Importing gd_bundle.crt to java key store..."

      ${KEYTOOL} -import
      -alias root
      -keystore ${keystore}
      -trustcacerts
      -file ${gdbundle}
      -keypass ${pw}
      -storepass ${pw} >/dev/null 2>/dev/null
      [ ! $? -eq 0 ] && die "Error running command... Exiting!";
      }

      function export_to_p12 {
      printline
      print_status "Exporting your key and cert to pkcs12 format..."
      ${OPENSSL} pkcs12 -export -chain -CAfile gd_bundle.crt -inkey ${key} -in ${crt} -out ${p12} -password pass:${pw}

      [ ! $? -eq 0 ] && die "Error running command... Exiting!";

      }

      function import_p12_file {
      print_status "Importing p12 file to java key store..."
      ${KEYTOOL} -importkeystore
      -srcalias 1
      -destalias tomcat
      -srckeystore ${p12}
      -srcstoretype PKCS12
      -srcstorepass ${pw}
      -destkeystore ${keystore}
      -keypass ${pw}
      -storepass ${pw}
      -dest‐storepass ${pw} >/dev/null 2>/dev/null
      [ ! $? -eq 0 ] && die "Error running command... Exiting!";
      }

      function print_msg_after_creation {
      printline
      print_good "Keystore ${keystore} creation complete!"
      printline
      print_status "Don't forget to copy ${keystore} to /etc/tomcat7/tomcat.keystore and update server.xml"
      printline
      }

      #######################################
      # Main Execution
      verify_before_execution
      export_to_p12
      import_godaddy_root
      import_p12_file
      print_msg_after_creation


      Source: http://brakertech.com/convert-valid-godaddy-cert-key-to-java-keystore/






      share|improve this answer




























        0














        I spend hours trying to figure this out and here are the fruits of my labor



        Problem



        You are unable to create a valid Tomcat Keystore using a GoDaddy crt and key file



        Curl output may look like this:



        curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
        error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


        Getting the Script



        curl -O https://raw.github.com/ssstonebraker/braker-scripts/master/working-scripts/crt_to_keystore.sh
        chmod +x crt_to_keystore.sh


        Using the script



        ./crt_to_keystore.sh <path_to_crt> <path_to_key>


        RAW Contents of Script



        #!/bin/bash
        # Filename: crt_to_keystore.sh
        # Description: create tomcat keystore from cert and key
        # Usage: "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>"
        # Author: Steve Stonebraker
        # pretty printing functions
        function print_status { echo -e "x1B[01;34m[*]x1B[0m $1"; }
        function print_good { echo -e "x1B[01;32m[*]x1B[0m $1"; }
        function print_error { echo -e "x1B[01;31m[*]x1B[0m $1"; }
        function print_notification { echo -e "x1B[01;33m[*]x1B[0m $1"; }
        function printline { hr=-------------------------------------------------------------------------------------------------------------------------------
        printf '%sn' "${hr:0:${COLUMNS:-$(tput cols)}}"
        }
        ####################################
        # print message and exit program
        function die { print_error "$1" >&2;exit 1; }
        ####################################
        # function that is called when the script exits
        function finish {
        [ -f $(dirname $0)/temp.p12 ] && shred -u $(dirname $0)/temp.p12;
        }

        #whenver the script exits call the function "finish"
        trap finish EXIT
        #######################################
        # if file exists remove it
        function move_file_if_exist {
        [ -e $1 ] && mv $1 $1.old && print_status "moved file $1 to $1.old";
        }
        #######################################
        # Verify user provided valid file
        function file_must_exist {
        [ ! -f $1 ] && die "$1 is not a valid file, please provide a valid file name! Exiting....";
        print_status "$1 is a valid file"
        }
        #######################################
        # Verify user provided two arguments
        # Verify user provided two arguments
        [ $# -ne 2 ] && die "Usage: ./crt_to_keystore.sh <path_to_crt> <path_to_key>";

        # Assign user's provided input to variables
        crt=$1
        key=$2
        #read -p "Provide password to export .crt and .key: " key_pw
        read -p "Provide password for new keystore: " pw

        # Define some Variables
        readonly ourPath="$(dirname $0)"
        readonly gdbundle="$ourPath/gd_bundle.crt"
        readonly keystore="$ourPath/tomcat.keystore"
        readonly p12="$ourPath/temp.p12"
        readonly KEYTOOL=$(which keytool)
        readonly OPENSSL=$(which openssl)

        #######################################
        # Functions used by main execution
        function gd_check_cert {
        # Verify gd_bundle.crt exists
        [ ! -f "$1" ] && print_error "$1 not found! Downloading..." && wget https://certs.godaddy.com/repository/$1;
        [ ! -f "$1" ] && die "$1 must exist in current path! Exiting....";
        [ -f "$1" ] && print_status "found $1 in current path"
        }

        function verify_before_execution {
        printline
        #verify godaddy cert
        gd_check_cert $gdbundle

        #Check to make sure the user provided valid files

        file_must_exist ${crt}
        file_must_exist ${key}

        move_file_if_exist ${keystore}
        }

        function import_godaddy_root {
        print_status "Importing gd_bundle.crt to java key store..."

        ${KEYTOOL} -import
        -alias root
        -keystore ${keystore}
        -trustcacerts
        -file ${gdbundle}
        -keypass ${pw}
        -storepass ${pw} >/dev/null 2>/dev/null
        [ ! $? -eq 0 ] && die "Error running command... Exiting!";
        }

        function export_to_p12 {
        printline
        print_status "Exporting your key and cert to pkcs12 format..."
        ${OPENSSL} pkcs12 -export -chain -CAfile gd_bundle.crt -inkey ${key} -in ${crt} -out ${p12} -password pass:${pw}

        [ ! $? -eq 0 ] && die "Error running command... Exiting!";

        }

        function import_p12_file {
        print_status "Importing p12 file to java key store..."
        ${KEYTOOL} -importkeystore
        -srcalias 1
        -destalias tomcat
        -srckeystore ${p12}
        -srcstoretype PKCS12
        -srcstorepass ${pw}
        -destkeystore ${keystore}
        -keypass ${pw}
        -storepass ${pw}
        -dest‐storepass ${pw} >/dev/null 2>/dev/null
        [ ! $? -eq 0 ] && die "Error running command... Exiting!";
        }

        function print_msg_after_creation {
        printline
        print_good "Keystore ${keystore} creation complete!"
        printline
        print_status "Don't forget to copy ${keystore} to /etc/tomcat7/tomcat.keystore and update server.xml"
        printline
        }

        #######################################
        # Main Execution
        verify_before_execution
        export_to_p12
        import_godaddy_root
        import_p12_file
        print_msg_after_creation


        Source: http://brakertech.com/convert-valid-godaddy-cert-key-to-java-keystore/






          answered Oct 24 '13 at 19:30 by brakertech














              I'll try to clarify the signing procedure a bit:


              • Key generation: you create a private key

              • CSR generation: with your private key you create a request to a Certification Authority that contains a cert to be signed

              • CA signature: the CA signs your certificate and sends it back to you (it now contains your fingerprint and the CA's one).

              • cert import: import the signed cert into the keystore, thus making it available to Tomcat

              • chain-cert import: import the certs that define the trust chain


              A CA can delegate signing, so in order to be sure that a signed cert is valid, clients should be able to check every CA's identity (i.e. your cert is signed by ca.contoso and contoso uses verisign as its cert authority; the client will check contoso first and then verisign; if all are OK, your cert is considered valid).






                  edited Jun 3 '18 at 4:55 by arieljannai

                  answered Aug 23 '13 at 8:38 by Valerio Minetti
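Both answers come down to the same requirement: whatever ends up in the Tomcat keystore must carry the complete chain (leaf, every intermediate, root), otherwise a client that only trusts the root fails exactly like the curl error 60 quoted in the script answer. The bash script below is an added example, not code from either answer or from the brakertech script. It builds a throwaway root, intermediate and server certificate (the CA names, the hostname www.example.test, the password "changeit" and the temporary directory are all constructed for the example), shows that the leaf alone does not verify while leaf plus bundle does, then packages key, leaf and chain into a PKCS#12 the way the script above does and counts the certificates inside it. It assumes OpenSSL 1.1.1 or newer on PATH; the keytool step is optional and skipped when keytool is absent.

```shell
#!/usr/bin/env bash
# Added example (not from the answers above): throwaway two-tier PKI that mimics
# what a public CA hands back (leaf .crt plus a bundle of intermediate + root),
# a check of why the leaf alone fails, and a PKCS#12 with the full chain.
# Assumes OpenSSL >= 1.1.1 on PATH; keytool is optional.
set -eu

# Build root -> intermediate -> server in directory $1. All names are
# constructed for this example; bundle.crt plays the role of gd_bundle.crt.
make_test_pki() {
    local d=$1
    mkdir -p "$d"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$d/leaf.ext"
    # root: CSR, then self-signed with CA extensions (the trust anchor)
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Test Root" \
        -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    # intermediate signed by the root
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Test Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
    # server (leaf) signed by the intermediate: this is "your .crt" and "your .key"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -extfile "$d/leaf.ext" -out "$d/server.crt" 2>/dev/null
    # bundle as CAs ship it: intermediate(s) first, root last
    cat "$d/int.crt" "$d/root.crt" > "$d/bundle.crt"
}

# Verify the leaf against a client that trusts only the root.
# $2 = leaf-only   : no intermediate available -> "unable to get local issuer certificate"
# $2 = with-bundle : intermediate supplied as untrusted chain material -> OK
verify_leaf() {
    if [ "$2" = "with-bundle" ]; then
        openssl verify -CAfile "$1/root.crt" -untrusted "$1/bundle.crt" "$1/server.crt" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
    fi
}

# Package key + leaf + chain into PKCS#12 ($1 = dir, $2 = password). The
# password goes through the environment, not "pass:..." in argv, so it does
# not show up in `ps` output or shell history.
build_p12() {
    P12PASS=$2 openssl pkcs12 -export -chain -CAfile "$1/bundle.crt" \
        -inkey "$1/server.key" -in "$1/server.crt" -name tomcat \
        -passout env:P12PASS -out "$1/tomcat.p12" 2>/dev/null
}

# Number of certificates inside the PKCS#12: leaf + intermediate + root = 3.
p12_cert_count() {
    P12PASS=$2 openssl pkcs12 -in "$1/tomcat.p12" -passin env:P12PASS -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Optional JKS conversion as in the script above; prints the chain length
# keytool sees. Skipped when keytool is not installed.
p12_to_jks() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH, skipping JKS step" >&2; return 0; }
    P12PASS=$2 keytool -importkeystore -noprompt \
        -srckeystore "$1/tomcat.p12" -srcstoretype PKCS12 -srcstorepass:env P12PASS -srcalias tomcat \
        -destkeystore "$1/tomcat.jks" -deststoretype JKS -deststorepass:env P12PASS -destalias tomcat \
        >/dev/null 2>&1
    P12PASS=$2 keytool -list -v -keystore "$1/tomcat.jks" -storepass:env P12PASS -alias tomcat 2>/dev/null \
        | sed -n 's/^Certificate chain length: //p'
}

# Stand-alone demo in a temporary directory.
main() {
    work=$(mktemp -d)
    make_test_pki "$work"
    if verify_leaf "$work" leaf-only; then
        echo "unexpected: leaf verified without the intermediate"
    else
        echo "leaf alone: verify FAILED (this is the curl error 60 situation)"
    fi
    if verify_leaf "$work" with-bundle; then echo "leaf + bundle: verify OK"; fi
    build_p12 "$work" changeit
    echo "certificates inside tomcat.p12: $(p12_cert_count "$work" changeit)"
    p12_to_jks "$work" changeit
    rm -rf "$work"
}
main
```

Run it with `bash example.sh`. Two practical notes for the real GoDaddy case: Tomcat 7 can load the .p12 directly with `keystoreType="PKCS12"` on the connector, so the JKS conversion is only needed if you want a JKS; and OpenSSL 3 writes a PBES2/AES PKCS#12 by default that older keytool versions cannot open, so if keytool rejects the file, re-export with `openssl pkcs12 -export -legacy`.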





























