Enable SSL and several domains on Tomcat 10
1. get CSR and private key
create CSR at domain-hoster.de or other web site
save CSR to file mydomain.csr
save key to file mydomain.pcks8
2. get certificate from CA
GeoTrust or other
get files
root.crt
intermediate.crt
mydomain.crt
3. create JAVA keystore
use keystore explorer
create new JAVA keystore (JKS) my.keystore with password mypassword
import the mydomain.crt
import keypair from mydomain.crt and mydomain.pcks8
append intermediate.crt to keypair
append root.crt to keypair
save keystore my.keystore to Tomcat Home\
4. edit server.xml
enable SSL connector at port 443 additionally
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="my.keystore"
                         certificateKeystorePassword="mypassword"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
5. several domains
enable other host myotherdomain
(beware of comments in .xml)
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
        <Valve
            className="org.apache.catalina.valves.AccessLogValve"
            directory="logs"
            prefix="localhost_access_log" suffix=".txt"
            pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
    <Host name="myotherdomain"
          appBase="webapps.myotherdomain"
          unpackWARs="true" autoDeploy="true">
        <Alias>myotherdomain</Alias>
        <Context path="" docBase="."/>
    </Host>
...
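
Added example (not part of the original notes): a small Python check that reads a server.xml like the one in steps 4 and 5 and reports which hosts rely on the connector's default certificate, whether the keystore password sits in the file, and whether redirectPort points at a TLS connector. The function name audit and the sample document (the snippets above wrapped in Server/Service/Engine) are constructed for illustration; wildcard hostName values are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connectors and hosts from steps 4 and 5, wrapped in
# the Server/Service/Engine elements that a complete server.xml has.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="my.keystore"
                   certificateKeystorePassword="mypassword" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
    <Host name="myotherdomain" appBase="webapps.myotherdomain">
      <Context path="" docBase="." />
    </Host>
  </Engine>
</Service></Server>"""

def audit(server_xml):
    """Return a list of findings about the TLS and virtual-host setup."""
    root = ET.fromstring(server_xml)
    findings = []
    connectors = root.findall(".//Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    for c in connectors:
        # Tomcat's default redirectPort is 443 when the attribute is absent.
        if c not in tls and c.get("redirectPort", "443") not in tls_ports:
            findings.append(f"connector {c.get('port')}: redirectPort has no TLS connector")
    sni_names = set()
    for c in tls:
        for cfg in c.findall("SSLHostConfig"):
            # An SSLHostConfig without hostName is the connector default, "_default_".
            sni_names.add(cfg.get("hostName", "_default_").lower())
            for cert in cfg.findall("Certificate"):
                if cert.get("certificateKeystorePassword"):
                    findings.append(f"connector {c.get('port')}: keystore password in clear text")
    for host in root.findall(".//Host"):
        names = {host.get("name"), *(a.text for a in host.findall("Alias"))}
        for n in sorted(x for x in names if x):
            if n.lower() not in sni_names:
                findings.append(f"host {n}: no SSLHostConfig of its own, default certificate must cover this name")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With the single SSLHostConfig from step 4, every host is answered with the certificate in my.keystore, so that certificate has to list myotherdomain as well, or the host needs its own SSLHostConfig with a matching hostName.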