I used all the tutorials on the web to be able to generate a keystore and use it in the configuration of the Tomcat 9 server under Ubuntu.

The three keys received from my site provider (IONOS) are:

private_key.key :

-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

ssl_certificate.cer :

-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----

ssl_certificate_INTERMEDIATE.cer :

-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----

The connector is configured as below:

Question: how can I generate my keystore key to use with the Tomcat server? Thanks in advance for your response and help.

Nasser MEHLEB
  • Your files are PEM files: `private_key.key` is the `certificateKeyFile`, `ssl_certificate.cer` is the `certificateFile` and `ssl_certificate_INTERMEDIATE.cer` is the `certificateChainFile`. – Piotr P. Karwasz Nov 06 '21 at 16:57
  • Thanks a lot for your reply, but my file extensions are ".key" and ".cer", not ".pem". Should I convert my files to PEM files? – Nasser MEHLEB Nov 06 '21 at 17:25
  • The extensions used for private keys and certificates usually don't specify the format used (see [this question](https://crypto.stackexchange.com/q/43697)). Your files start with `------BEGIN `, therefore they are already in PEM format, no conversion is required. – Piotr P. Karwasz Nov 06 '21 at 18:07
  • Thanks, but it still doesn't work: – Nasser MEHLEB Nov 06 '21 at 18:37
  • My connector configuration is: – Nasser MEHLEB Nov 06 '21 at 18:37
  • I have copied the certificate files respectively into /opt/tomcat/conf/* (3 files) and named them like below in the connector descriptor. – Nasser MEHLEB Nov 06 '21 at 18:39
  • When I access my website with the port number added: https://www.mysite.fr:8443 it works and the navigator says that the connection is secure, but using: https://www.mysite.fr the navigator says that there is an "ERR_SSL_PROTOCOL_ERROR" error. – Nasser MEHLEB Nov 06 '21 at 18:42
  • Tomcat startup results: 06-Nov-2021 20:13:30.812 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 06-Nov-2021 20:13:30.825 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"] 06-Nov-2021 20:13:30.828 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [4835] milliseconds – Nasser MEHLEB Nov 06 '21 at 19:16
  • You should [edit](https://stackoverflow.com/posts/69864519/edit) your question and add the information in your comments: they will be more readable. You configured Tomcat to run on port `8443`, hence `https://mysite.fr:8443` works. The URL `https://mysite.fr` uses the default port `443`, which is not served by Tomcat, but by some other server that needs also to be configured to use your certificate. – Piotr P. Karwasz Nov 06 '21 at 19:33
  • All works fine. I have changed the apache2 port from 80 to 1800 and then stopped AVAST antivirus for 10 minutes, and refreshing Chrome and Mozilla had access to my site. – Nasser MEHLEB Nov 06 '21 at 21:53
  • @Piotr P. Karwasz thanks for your help. – Nasser MEHLEB Nov 06 '21 at 21:54
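
For the keystore the question asks about, the three PEM files can be bundled into a PKCS#12 file with `openssl`, after first checking that the private key really belongs to the certificate; Tomcat reads such a file through `certificateKeystoreFile` with `certificateKeystoreType="PKCS12"`. This is an added example, not part of the original thread: the function names, the `KEYSTORE_PASS` variable and the throwaway sample certificates are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: file names mirror the question; function names are hypothetical.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$k" = "$c" ]
}

# Bundle key + server certificate + intermediate into a PKCS#12 keystore.
# The password is read from $KEYSTORE_PASS so it never appears in the process list.
pem_to_pkcs12() {  # usage: pem_to_pkcs12 KEY CERT CHAIN OUT.p12
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
  ( umask 077   # keystore holds the private key: owner-only permissions
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
      -name tomcat -out "$4" -passout env:KEYSTORE_PASS )
}

# Number of certificates stored in the keystore (server + intermediate).
p12_cert_count() {  # usage: p12_cert_count FILE.p12
  openssl pkcs12 -in "$1" -nokeys -passin env:KEYSTORE_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed throwaway material standing in for the provider's three files.
make_sample_pems() {  # usage: make_sample_pems DIR
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
      -keyout ca.key -out ssl_certificate_INTERMEDIATE.cer 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
      -keyout private_key.key -out leaf.csr 2>/dev/null &&
    openssl x509 -req -in leaf.csr -days 1 -CA ssl_certificate_INTERMEDIATE.cer \
      -CAkey ca.key -CAcreateserial -out ssl_certificate.cer 2>/dev/null )
}
```

With the real files, export `KEYSTORE_PASS` and call `pem_to_pkcs12 private_key.key ssl_certificate.cer ssl_certificate_INTERMEDIATE.cer keystore.p12`; the key/certificate check fails early if the wrong key file was copied.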

0 Answers