Below are the steps.
Here we use a Let's Encrypt SSL certificate to secure the Tomcat server. For this example, I am using demo.ssharad.com as the domain name for Tomcat.
Before moving ahead, make sure that your server has Tomcat running and DNS properly configured. The name demo.ssharad.com should resolve to an IP address, as shown below.
1. Install the host command using the following package.
# yum install bind-utils -y
2. Check DNS as below.
# host demo.ssharad.com
demo.ssharad.com has address 103.159.239.220
It should resolve to an IP address. In the above case it resolves to 103.159.239.220. That's good.
3. Install the EPEL package, which is needed to install the certbot command for generating certificates.
# yum install epel-release -y
4. Install the certbot command.
# yum install certbot -y
5. Create a standalone certificate for demo.ssharad.com as below.
# certbot certonly --standalone -d demo.ssharad.com
This will create the following files in the /etc/letsencrypt/live/demo.ssharad.com/ folder.
cert.pem chain.pem privkey.pem
You have to copy all these files to Tomcat's conf folder as below.
# cd /etc/letsencrypt/live/demo.ssharad.com/
# cp {cert,chain,privkey}.pem /usr/local/apache-tomcat-9.0.53/conf/
6. Now edit the server.xml file in Tomcat as below.
# nano /usr/local/apache-tomcat-9.0.53/conf/server.xml
7. Search for the Connector port="8443" section and edit it as below. You also need to remove the comment tags (<!-- -->) around it.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>
8. Save the file and restart Tomcat as below.
# /usr/local/apache-tomcat-9.0.53/bin/shutdown.sh
# /usr/local/apache-tomcat-9.0.53/bin/startup.sh
Check activity on port 8443.
# lsof -i :8443
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    1641 root   59u  IPv6  18946      0t0  TCP *:pcsync-https (LISTEN)
Now Tomcat is working on SSL. Let us check it.
9. In your browser, type the following URL to check SSL.
https://demo.ssharad.com:8443
It should show the Tomcat default page.
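The files copied in step 5 are static copies, so they are not refreshed when certbot renews the certificate, and privkey.pem is the server's private key. The deploy hook below is an added example, not part of the original guide: it re-copies the three files, keeps the key readable only by its owner, and restarts Tomcat with the commands from step 8. The function name install_certs, the TOMCAT_HOME variable and the hook file name are choices made for this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the Tomcat layout used in this guide.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/tomcat.sh (executable).
# certbot runs scripts in that directory after each successful renewal.

TOMCAT_HOME="${TOMCAT_HOME:-/usr/local/apache-tomcat-9.0.53}"

# Copy one certificate lineage into a Tomcat conf directory.
#   $1 = certbot live directory, $2 = Tomcat conf directory
install_certs() {
    src="$1"
    dst="$2"
    # Check all three files first, so a partial copy can never leave
    # Tomcat with a new certificate and an old key (or the reverse).
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # Certificate and chain are public material.
    install -m 0644 "$src/cert.pem"  "$dst/cert.pem"  || return 1
    install -m 0644 "$src/chain.pem" "$dst/chain.pem" || return 1
    # Private key: owner read/write only. The mode is set explicitly,
    # so it does not depend on the umask of the calling process.
    install -m 0600 "$src/privkey.pem" "$dst/privkey.pem" || return 1
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks. When the variable is absent the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_certs "$RENEWED_LINEAGE" "$TOMCAT_HOME/conf" || exit 1
    "$TOMCAT_HOME/bin/shutdown.sh"
    "$TOMCAT_HOME/bin/startup.sh"
fi
```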