Configure SSL on campusM Connect Layer
- Product: campusM
- Operating system: iOS, Android, Web
1) Make sure you have a separate file for the server key, the server certificate, and each certificate in the CA chain, for example:
   - certificate.key
   - certificate.crt
   - ca1.crt
   - root.crt
If need be, copy each individual certificate in the CA chain to a new file.
2) Convert the base64-encoded key file and certificate file to a .p12 file
openssl pkcs12 -export -out keyStore.p12 -inkey certificate.key -in certificate.crt
Provide a password for the .p12 file:
Enter Export Password: changeit
Verifying - Enter Export Password: changeit
3) Create a JKS file with the server key and certificate files
keytool -importkeystore -srckeystore keyStore.p12 -destkeystore certificate.jks -srcstoretype pkcs12
Provide the password for the .p12 file as well as for the newly created JKS file:
Importing keystore keyStore.p12 to certificate.jks...
Enter destination keystore password: changeit
Re-enter new password: changeit
Enter source keystore password: changeit
Entry for alias 1 successfully imported.
4) Import CA certificate files into the JKS
keytool -import -alias a -file ca1.crt -storepass changeit -keystore certificate.jks -noprompt -trustcacerts
keytool -import -alias b -file root.crt -storepass changeit -keystore certificate.jks -noprompt -trustcacerts
5) Modify the tomcat_home/conf/server.xml file and add the JKS to the SSL-enabled connector, for example:
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="/opt/tomcat/conf/certificate.jks" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>
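A pre-flight check for the files listed in step 1, to run before building keyStore.p12. This is an added example, not part of the original article: it confirms that certificate.key belongs to certificate.crt and that certificate.crt chains through ca1.crt to root.crt. The function name check_tls_material is hypothetical, and the private key is assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example: sanity-check the step 1 files before creating keyStore.p12.
# check_tls_material is a hypothetical helper name; the private key is
# assumed to be unencrypted PEM, as in the article's openssl command.

check_tls_material() {
    key=$1 crt=$2 intermediate=$3 root=$4

    # 1. The private key and the server certificate must carry the same
    #    public key, otherwise the keystore entry cannot be used for TLS.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 1; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private key $key does not match $crt" >&2
        return 1
    fi

    # 2. The server certificate must chain through the intermediate to the
    #    root. This also fails when a certificate in the chain has expired
    #    or when the files were split in the wrong order in step 1.
    if ! openssl verify -CAfile "$root" -untrusted "$intermediate" \
            "$crt" >/dev/null 2>&1; then
        echo "$crt does not verify against $intermediate and $root" >&2
        return 1
    fi

    echo "key, certificate and CA chain are consistent"
}

# Run directly with the four files from step 1:
#   sh check.sh certificate.key certificate.crt ca1.crt root.crt
if [ "$#" -eq 4 ]; then
    check_tls_material "$@"
fi
```

After step 4, `keytool -list -keystore certificate.jks` should show one PrivateKeyEntry and two trustedCertEntry items.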
- Article last edited: 20-Jan-2021