httpS for badger

Got hold of a geotrust signed certificate for badger. That was easy (and $110 of UVM money).

Hard part was getting it installed, since I built the key and the certificate signing request (CSR) with openssl rather than keytool, and it was all being installed in tomcat.

The Tomcat SSL How-To proved to be the definitive source, but it took several readings and several google searches and several failed attempts to get the right syntax and in/out files. Here’s what finally worked

openssl pkcs12 -export -in badger.crt -inkey badger.key 
-out badger.p12 -name tomcat
-CAfile ca-bundle.crt -caname root -chain

along with this entry in /usr/local/jakarta-tomcat/conf/server.xml

    <Connector port="443" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
                keystoreFile="/usr/share/ssl/certs/badger.p12" keystorePass="xxxxxx"

Still need to get hold of a certificate from and add to default JAVA_HOME security chain

About Wesley Wright

Born on a mountain top near New York City, Craziest state in the land of the pretty. Raised in the woods so's he knew every tree, Killed him a bear when he was only three.
This entry was posted in Projects, Systems and Servers. Bookmark the permalink.

Leave a Reply