Create a valid self-signed certificate using OpenSSL and deploy it in Apache Tomcat
server.csr.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C = IN
ST = KA
L = Bangalore
O = CAORG
OU = IT
emailAddress = admin@myexample.com
CN = localhost
v3.ext
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = myexample.com
DNS.2 = sub.myexample.com
DNS.3 = localhost
# An IP address must be listed as an IP entry; clients do not match IP literals against DNS entries.
IP.1 = 127.0.0.1
Step 1- Create an RSA-2048 key and save it to a file rootCA.key
openssl genrsa -des3 -out rootCA.key 2048
Set the password for CA key.
Step 2- Create a root certificate from the generated key
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1460 -out rootCA.pem
To add the certificate to the Windows trusted root store, run the following command.
certutil -addstore -f "ROOT" rootCA.pem
Step 3- Create a private key and CSR for the local certificate
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
Step 4- Issue a certificate via the root SSL certificate and the CSR
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
Step 5- Create a full chain certificate
cat server.crt > fullchain.pem
cat rootCA.pem >> fullchain.pem
Tomcat connector configuration (conf/server.xml):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeyFile="conf/server.key"
                     certificateFile="conf/server.crt"
                     certificateChainFile="conf/fullchain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
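A pre-deployment check for the files produced in Steps 1 to 5, as an added example that is not part of the original post: it confirms that server.crt chains to rootCA.pem, that server.key is the matching private key, and that every name clients will use is covered by subjectAltName. It is written for a POSIX shell (Git Bash or WSL on Windows), and the function name check_server_cert is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# usage: check_server_cert rootCA.pem server.crt server.key name [name ...]
# e.g.   check_server_cert rootCA.pem server.crt server.key myexample.com localhost 127.0.0.1
check_server_cert() {
    ca=$1 crt=$2 key=$3
    shift 3
    rc=0

    # 1. server.crt must chain to the root that was added to the trust store.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi

    # 2. certificateKeyFile must hold the private key for certificateFile:
    #    compare the public key in the certificate with the one derived from the key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $crt"; rc=1
    fi

    # 3. Each name must be covered by the certificate. -checkip looks only at
    #    IP entries in subjectAltName, so an address listed under DNS.n fails here.
    for name in "$@"; do
        case $name in
            *[!0-9.]*) opt=-checkhost ;;   # contains a non-digit: host name
            *)         opt=-checkip ;;     # digits and dots only: IPv4 literal
        esac
        if openssl x509 -in "$crt" -noout "$opt" "$name" 2>/dev/null |
               grep -q 'does match certificate'; then
            echo "ok:   $name"
        else
            echo "FAIL: $name is not covered by subjectAltName"; rc=1
        fi
    done
    return $rc
}

# Run the check when the script is invoked with arguments.
if [ "$#" -ge 4 ]; then check_server_cert "$@"; fi
```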