Enable SSL and several domains on Tomcat 10

1. get CSR and private key

create CSR at domain-hoster.de or other web site

save CSR to file mydomain.csr

save key to file mydomain.pcks8

2. get certificate from CA

GeoTrust or other

get files

root.crt

intermediate.crt

mydomain.crt

3. create JAVA keystore

use keystore explorer

create new JAVA keystore (JKS) my.keystore with password mypassword

import the mydomain.crt

import keypair from mydomain.crt and mydomain.pcks8

append intermediate.crt to keypair

append root.crt to keypair

save keystore my.keystore to Tomcat Home\

4. edit server.xml

enable SSL connector at port 443 additionally

<Connector port="80" protocol="HTTP/1.1"

   connectionTimeout="20000"

   redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

   maxThreads="150" SSLEnabled="true">

   <UpgradeProtocol   className="org.apache.coyote.http2.Http2Protocol" />

   <SSLHostConfig>

   <Certificate certificateKeystoreFile="my.keystore"

   certificateKeystorePassword="mypassword"

   type="RSA" />

   </SSLHostConfig>

</Connector>

5. several domains

enable other host myotherdomain

(beware of comments in .xml)

<Host name="localhost" appBase="webapps"

   unpackWARs="true" autoDeploy="true">

   <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"

   prefix="localhost_access_log" suffix=".txt"

   pattern="%h %l %u %t &quot;%r&quot; %s %b" />

</Host>

<Host name="myotherdomain" appBase="webapps.myotherdomain"

   unpackWARs="true" autoDeploy="true">

   <Alias>myotherdomain</Alias>

   <Context path="" docbase="."/>

</Host>

...