Difference between revisions of "Certificate SSL"
old>Admin |
old>Admin |
||
Line 15: | Line 15: | ||
openssl pkcs12 -export -out movia.tempusserva.dk.pfx -inkey movia_tempusserva_dk_key.txt -in movia.tempusserva.dk.crt | openssl pkcs12 -export -out movia.tempusserva.dk.pfx -inkey movia_tempusserva_dk_key.txt -in movia.tempusserva.dk.crt | ||
Write the password down | |||
4. Install in tomcat | 4. Install in tomcat | ||
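Review bot: the added line "Write the password down" sits unnumbered directly before "4. Install in tomcat" and does not say which password is meant or where it is used later. Number it as its own step and state that it is the export password openssl prompts for during the pkcs12 conversion, which the Tomcat connector then needs. Pointing readers to a password manager or secrets store would be better than "write it down".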
Line 23: | Line 25: | ||
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" | maxThreads="150" minSpareThreads="25" maxSpareThreads="75" | ||
enableLookups="false" acceptCount="100" disableUploadTimeout="true" | enableLookups="false" acceptCount="100" disableUploadTimeout="true" | ||
keystoreFile="/mnt/sda/certs/ | keystoreFile="/mnt/sda/certs/movia.tempusserva.dk.pfx" keystorePass="TempusServaFTW!" keyAlias="tempusserva" | ||
clientAuth="false" sslProtocol="TLS" | clientAuth="false" sslProtocol="TLS" | ||
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" | ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" |
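Review bot: on the completed keystoreFile line, keystorePass="TempusServaFTW!" puts what reads like a real keystore password into a wiki revision that stays in the page history. Use a placeholder such as keystorePass="<keystore password>" in the documentation, and rotate the password if it is the live one. Since the file is a .pfx, also consider stating keystoreType="PKCS12" on the same line, and check that keyAlias="tempusserva" matches a name actually stored in the keystore, because the export command shown in the hunk above sets none.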
Revision as of 20:26, 24 November 2021
Classic certificates
Acquire certificate
Buy a certificate from a provider. Note that the max lifetime is currently 1 year, so buying a 5 year certificate only helps on pricing.
After the certificate has been issued you will have
- A private key - ex: movia.tempusserva.dk.pfx
- A certificate - ex: movia_tempusserva_dk_key.txt
Install certificate
1. Upload the files
2. Convert to a pfx file format
openssl pkcs12 -export -out movia.tempusserva.dk.pfx -inkey movia_tempusserva_dk_key.txt -in movia.tempusserva.dk.crt
Write the password down
4. Install in tomcat
Add the following code to <tomcat>\conf\server.xml
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" URIEncoding="UTF-8"
   scheme="https" secure="true" maxHttpHeaderSize="8192"
   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
   enableLookups="false" acceptCount="100" disableUploadTimeout="true"
   keystoreFile="/mnt/sda/certs/movia.tempusserva.dk.pfx" keystorePass="TempusServaFTW!" keyAlias="tempusserva"
   clientAuth="false" sslProtocol="TLS"
   ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
   compression="on" compressionMinSize="2048" nocompressionUserAgents="gozilla, traviata"
   compressableMimeType="text/html,text/xml,text/plain,application/xml" />
5. Restart the server
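
An added example, not part of the original page: a shell helper for step 2 that refuses to build the .pfx unless the private key and the certificate belong together, and that sets the friendly name, which a Java keystore exposes as the alias the connector's keyAlias refers to. The function names and the PFX_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: checked PKCS#12 export for the Tomcat connector.
# Assumes PEM input files and the export password in the exported
# environment variable PFX_PASS (assumption of this example), so the
# password never appears on the command line or in shell history.

# key_matches_cert KEY CERT
# Succeeds only if the public key derived from KEY is the one in CERT.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# export_pfx KEY CERT OUT ALIAS
# Writes OUT readable by the owner only; ALIAS becomes the friendlyName.
export_pfx() {
    if ! key_matches_cert "$1" "$2"; then
        echo "private key and certificate do not match" >&2
        return 1
    fi
    (
        umask 077
        openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
            -name "$4" -passout env:PFX_PASS
    )
}

# pfx_alias PFX
# Prints the friendlyName stored in PFX, to compare against keyAlias.
pfx_alias() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Usage with the file names from this page:
#   export PFX_PASS   # set it first, e.g. read from a secrets store
#   export_pfx movia_tempusserva_dk_key.txt movia.tempusserva.dk.crt \
#       movia.tempusserva.dk.pfx tempusserva
#   pfx_alias movia.tempusserva.dk.pfx
```
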