Tomcat8.5/Tomcat9 Certificate Deployment

I. Obtaining jks format certificate

Login: https://console.ucloud-global.com/ussl/ussl

After viewing the order, choose the action "Certificate download". You then need to convert the downloaded certificate to a JKS format certificate using the format conversion tool.

After decompressing the JKS format certificate, you will see a folder as shown in the picture

The files in the folder are in PEM format: the cer file is the public key of the certificate (it can be renamed server.pem), and the key file is the private key (it can be renamed server.key).

II. Deploy the certificate to tomcat

Store the jks file in the conf directory, and then configure the server.xml file in the same directory. On first configuration, server.xml contains a connector that has been commented out and that uses NIO with the JSSE engine. Modify it to:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/www.trustasia.com.jks"
                     certificateKeystorePassword="The certificate password you just set"
                     certificateKeyAlias="www.trustasia.com"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Note: certificateKeystorePassword and certificateKeyAlias need to be added.

certificateKeystorePassword is the jks password.

certificateKeyAlias is the jks alias. Unless there is a special situation, the alias is the domain name the certificate was applied for. For example, for the wildcard certificate _.trustasia.com.jks the alias is *.trustasia.com; the alias of www.trustasia.com.jks is www.trustasia.com.

To check the alias, use the keytool utility included in the JDK: keytool -list -keystore <jks file> -storepass <jks file password>. This displays the entry list.
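
An added example, not part of the original page: a Python check that the certificateKeyAlias in server.xml names a private key entry in the keystore, using the text printed by keytool -list. The Server/Service wrapper, password, dates and fingerprints are constructed sample values, the function names are hypothetical, and the case-insensitive alias comparison is an assumption based on how JKS handles aliases.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page with a constructed password.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/www.trustasia.com.jks"
                 certificateKeystorePassword="example-password"
                 certificateKeyAlias="www.trustasia.com"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
</Service></Server>"""

# Constructed sample of `keytool -list` output (fingerprints are placeholders).
KEYTOOL_LIST = """Keystore type: JKS

Your keystore contains 2 entries

www.trustasia.com, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
root-ca, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
"""

# Entry lines look like "<alias>, <date>, <entry type>," (the date may contain a comma).
ENTRY = re.compile(r"^(?P<alias>.+?), .*?(?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def keystore_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` text."""
    matches = (ENTRY.match(line) for line in listing.splitlines())
    return {m["alias"].lower(): m["kind"] for m in matches if m}

def check_connector(server_xml, listing):
    """Return a list of problems for every <Certificate> element in server.xml."""
    entries = keystore_entries(listing)  # assumption: aliases compare case-insensitively
    problems = []
    for cert in ET.fromstring(server_xml).iter("Certificate"):
        alias = cert.get("certificateKeyAlias")
        if not cert.get("certificateKeystorePassword"):
            problems.append("certificateKeystorePassword is missing")
        if not alias:
            problems.append("certificateKeyAlias is missing")
        elif alias.lower() not in entries:
            problems.append(f"alias {alias!r} not in keystore (has: {sorted(entries)})")
        elif entries[alias.lower()] != "PrivateKeyEntry":
            problems.append(f"alias {alias!r} is {entries[alias.lower()]}, not PrivateKeyEntry")
    return problems
```

An empty list from check_connector means both attributes from the note above are present and the alias points at an entry that holds a private key.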