sslhelp      


Enable SSL and several domains on Tomcat 10


1. get CSR and private key

create CSR at domain-hoster.de or other web site

save CSR to file mydomain.csr

save key to file mydomain.pcks8


2. get certificate from CA

GeoTrust or other

get files

  • root.crt
  • intermediate.crt
  • mydomain.crt

3. create JAVA keystore

use KeyStore Explorer

create new JAVA keystore (JKS) my.keystore with password mypassword

  • import the mydomain.crt
  • import keypair from mydomain.crt and mydomain.pcks8
  • append intermediate.crt to keypair
  • append root.crt to keypair
  • save keystore my.keystore to Tomcat Home\


4. edit server.xml

enable SSL connector at port 443 additionally

    <Connector port="80" protocol="HTTP/1.1"
       connectionTimeout="20000"
       redirectPort="443" />

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
       maxThreads="150" SSLEnabled="true">
       <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
       <SSLHostConfig>
          <Certificate certificateKeystoreFile="my.keystore"
             certificateKeystorePassword="mypassword"
             type="RSA" />
       </SSLHostConfig>
    </Connector>


5. several domains

enable other host myotherdomain

(beware of comments in .xml)

    <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true">
       <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
          prefix="localhost_access_log" suffix=".txt"
          pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>

    <Host name="myotherdomain" appBase="webapps.myotherdomain"
       unpackWARs="true" autoDeploy="true">
       <Alias>myotherdomain</Alias>
       <Context path="" docBase="."/>
    </Host>

    ...
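A check for steps 4 and 5, added here as an example and not part of the original page: it parses server.xml and reports only what is active (anything inside <!-- --> is ignored by Tomcat), confirms that redirectPort points at a live SSL connector, and lists the hosts with their appBase. The function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like steps 4 and 5; the 8443 connector is left
# inside a comment (as in a stock server.xml) and docbase is misspelled on purpose.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <!-- <Connector port="8443" SSLEnabled="true"><SSLHostConfig>
       <Certificate certificateKeystoreFile="conf/x.jks" />
       </SSLHostConfig></Connector> -->
  <Connector port="443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeystoreFile="my.keystore"
                 certificateKeystorePassword="mypassword" type="RSA" />
  </SSLHostConfig></Connector>
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
    <Host name="myotherdomain" appBase="webapps.myotherdomain">
      <Context path="" docbase="." />
    </Host>
  </Engine>
</Service></Server>"""

def is_tls(connector):
    return connector.get("SSLEnabled", "false").lower() == "true"

def audit(server_xml):
    """Return (tls_ports, hosts, findings) for the active configuration."""
    root = ET.fromstring(server_xml)  # the default parser discards comments
    connectors = root.findall(".//Connector")
    tls_ports = [c.get("port") for c in connectors if is_tls(c)]
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        if not is_tls(c):
            if redirect and redirect not in tls_ports:
                findings.append(f"port {port}: redirectPort {redirect} has no active TLS connector")
            continue
        certs = c.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {port}: SSLEnabled without a <Certificate>")
        if any(cert.get("certificateKeystorePassword") for cert in certs):
            findings.append(f"port {port}: keystore password is stored in server.xml")
    hosts = {h.get("name"): h.get("appBase") for h in root.findall(".//Host")}
    for ctx in root.findall(".//Host/Context"):
        if "docbase" in ctx.attrib:  # Tomcat attribute names are case-sensitive
            findings.append("Context: attribute is docBase, not docbase")
    return tls_ports, hosts, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the keystore password sits in server.xml, the password finding is a reminder to keep that file and my.keystore readable only by the account Tomcat runs as.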