Jose Luis

Reputation: 63

Configuring SSL on Tomcat 7 by importing COMODO Apache certificates

I used openssl to generate a CSR and key file, I bought an SSL certificate from COMODO, I have installed the SSL service in my Apache server on port 443 and it works! On this same server I have installed Apache Tomcat 7 running on port 8080. I want to install the same certificates in Tomcat 7 on port 8443. COMODO provided me two files: the certificate .crt and the intermediate .ca-bundle file. With these files I have generated a keystore, importing the files with these instructions:

keytool -import -alias root -keystore <your_keystore_filename> \
    -trustcacerts -file <filename_of_the_chain_certificate - .ca-bundle>

keytool -import -alias tomcat -keystore <your_keystore_filename> \
    -file <your_certificate_filename .crt>

After that I configured the server.xml file like so:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    maxHttpHeaderSize="8192" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" clientAuth="false"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
    keystoreFile="/etc/apache2/ssl/keystore" keystorePass="password"
    sslProtocols="TLSv1, TLSv1.1, TLSv1.2"
    ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
        TLS_ECDH_RSA_WITH_RC4_128_SHA,
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
        TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
        TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>

But it does not work; I get this message in Chrome:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH 

There is nothing in the Tomcat log files. What is wrong here? Thanks!!!

Upvotes: 0

Views: 1736

Answers (1)

Jose Luis

Reputation: 63

This is the answer: importing an existing X.509 certificate and private key into a Java keystore to use for SSL.

But additionally, the .ca-bundle provided by COMODO has two certificates, root and intermediate. You need to open the file, extract the certificates and create two other files, root.crt and intermediate.crt. With these you can import them and create the new key as shown in the post above.

Upvotes: 0
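A worked version of the procedure the answer outlines, added here as an example; it is not code from the original post, from COMODO or from the Tomcat project. It splits the .ca-bundle into one PEM file per certificate, tells the self-signed root apart from the intermediate, then packages the private key, the leaf certificate and the chain into a PKCS#12 under the alias "tomcat", converts that to a JKS, and checks that the alias is a PrivateKeyEntry. The input names server.key, server.crt and server.ca-bundle, the output name tomcat.p12/tomcat.jks and the directory ./chain are assumptions. The point it demonstrates: `keytool -import -file` on a certificate alone creates a trustedCertEntry, never a key entry, so the keystore in the question has no private key for Tomcat to use, Tomcat has no certificate to offer in the handshake, and Chrome reports that handshake failure as ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a Tomcat keystore that
# contains the private key, the COMODO leaf certificate and the CA chain.
# Assumed inputs (names are assumptions): server.key, server.crt, server.ca-bundle
# Outputs: <name>.p12 and <name>.jks, both holding the alias "tomcat".
set -eu

# Split a PEM bundle (COMODO's .ca-bundle) into <outdir>/cert-1.pem, cert-2.pem, ...
# The order inside the bundle is not guaranteed, so split generically.
# Prints the number of certificates found.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Print "root" for a self-signed certificate (subject equals issuer), else "intermediate".
# Needs openssl.
classify_pem() {
    subj=$(openssl x509 -in "$1" -noout -subject)
    iss=$(openssl x509 -in "$1" -noout -issuer)
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then
        echo root
    else
        echo intermediate
    fi
}

# Package key + leaf + chain into PKCS#12, convert to JKS, and verify the entry type.
# Needs openssl and keytool (JDK). The alias "tomcat" matches Tomcat's default keyAlias.
build_keystore() {
    key=$1; cert=$2; bundle=$3; name=$4; pass=$5

    openssl pkcs12 -export -name tomcat \
        -inkey "$key" -in "$cert" -certfile "$bundle" \
        -out "$name.p12" -passout "pass:$pass"

    # Tomcat 7 can load the .p12 directly (keystoreType="PKCS12"); the JKS
    # conversion matches the keystoreFile layout used in the question.
    keytool -importkeystore -noprompt \
        -srckeystore "$name.p12" -srcstoretype PKCS12 -srcstorepass "$pass" \
        -destkeystore "$name.jks" -deststoretype JKS -deststorepass "$pass"

    # The import in the question produced trustedCertEntry entries only;
    # this must show "PrivateKeyEntry" and a chain length greater than 1.
    keytool -list -v -keystore "$name.jks" -storepass "$pass" -alias tomcat \
        | grep -E 'Entry type|Certificate chain length'
}

# Check a running listener: prints subject and issuer of the certificate it serves.
check_listener() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer
}

# Usage: sh tomcat-keystore.sh server.key server.crt server.ca-bundle tomcat 'password'
if [ "$#" -eq 5 ]; then
    split_pem_bundle "$3" ./chain >/dev/null
    for f in ./chain/cert-*.pem; do
        echo "$f: $(classify_pem "$f")"
    done
    build_keystore "$@"
fi
```

Once the JKS is built, point keystoreFile in the Connector at tomcat.jks and keystorePass at the password you chose (or at tomcat.p12 with keystoreType="PKCS12"); the alias stays "tomcat" because that is Tomcat's default keyAlias. After Tomcat restarts, `check_listener your.host 8443` should print your certificate's subject and the COMODO intermediate as issuer. Once it works, drop the RC4 and 3DES suites and TLSv1 from the Connector; they add nothing a current browser will negotiate and only widen the attack surface.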
