You Entered an Invalid Csr Please Try Again Linode
It's been almost 12 years since I started using Apache Tomcat. I believe when I did my 1st undergrad project, it was on Tomcat version 1.x. Now it's already on version 8.0. I've mostly been in touch with Tomcat Server in my daily work life; I simply can't live without it.
On Crunchify we have already published almost 40 articles on Apache Tomcat. In most of the tutorials I've run the server on port 8080, which is the default port configured in the server.xml file.
In this tutorial we will go over all the steps in detail on how to enable HTTPS/SSL on Apache Tomcat Server.
Let's get started:
Step-1. Create Keystore
keytool: we will generate a secure key using the keytool command, which is a key and certificate management tool.
Command:
```
bash-3.2$ pwd
/Users/Shared
bash-3.2$ keytool -genkey -alias crunchify -keyalg RSA -keystore /Users/Shared/crunchify.keystore
```
The file will be created under folder /Users/Shared.
```
bash-3.2$ keytool -genkey -alias crunchify -keyalg RSA -keystore /Users/Shared/crunchify.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  App Shah
What is the name of your organizational unit?
  [Unknown]:  Crunchify, LLC
What is the name of your organization?
  [Unknown]:  Crunchify
What is the name of your City or Locality?
  [Unknown]:  New York City
What is the name of your State or Province?
  [Unknown]:  NY
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=App Shah, OU="Crunchify, LLC", O=Crunchify, L=New York City, ST=NY, C=US correct?
  [no]:  yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
	for: CN=App Shah, OU="Crunchify, LLC", O=Crunchify, L=New York City, ST=NY, C=US
```
I'm using Mac OS X, so replace your path accordingly if you are on Windows. I've used password 123456.
Step-2. Create Self Signed Certificate Signing Request
```
bash-3.2$ keytool -certreq -keyalg RSA -alias crunchify -file crunchify.csr -keystore crunchify.keystore
Enter keystore password:
```
Enter password: 123456
Step-3. Let's first check that Tomcat is running on port 8080 over HTTP.
Start the Tomcat server using the command: <tomcat_home>/bin/startup.sh.
Make sure you are in the correct Tomcat path location.
```
bash-3.2# pwd
/Users/Shared/apache-tomcat-9.0.30/bin
bash-3.2$ ./startup.sh
Using CATALINA_BASE:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_HOME:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_TMPDIR: /Users/Shared/apache-tomcat-9.0.30/temp
Using JRE_HOME:        /Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Home
Using CLASSPATH:       /Users/Shared/apache-tomcat-9.0.30/bin/bootstrap.jar:/Users/Shared/apache-tomcat-9.0.30/bin/tomcat-juli.jar
Tomcat started.
```
Hit URL: http://localhost:8080 to make sure the server is up and running.
Step-4. Now check the Tomcat instance on port 8443 over HTTPS.
- Now check port 8443 (HTTPS/SSL URL).
- Hit URL: https://localhost:8443
- You should see an error message. The page shouldn't load at all.
Step-5. Update /conf/server.xml file
As we have generated the keystore and certificate signing request above, we need to tell Tomcat to use them.
- Open the server.xml file, which is located in the <tomcat_home>/conf/ folder, and modify the settings.
- In our case it's the /Users/Shared/apache-tomcat-9.0.30/conf folder.
Add the section below directly to the server.xml file:
```
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="/Users/Shared/crunchify.keystore"
    keystorePass="123456"
    clientAuth="false" sslProtocol="TLS" sslVerifyClient="optional"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"/>
```
- Here the password is 123456, which I used in Step-1.
- Protocol: HTTP/1.1
Save the file. Next we will stop and start Tomcat Server.
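An added check, not part of the original tutorial: this shell function reads the HTTPS Connector from a server.xml and reports protocol entries older than TLSv1.2 and a short or missing keystore password. Both sample files are constructed; the second is an assumed hardened variant of the Step-5 connector, and the `keystore.pass` property name in it is hypothetical.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the HTTPS <Connector> of a Tomcat server.xml.

# Print attribute $1 of the first SSL-enabled <Connector> in file $2.
attr() {
  tr '\n' ' ' < "$2" | grep -o '<Connector[^>]*SSLEnabled="true"[^>]*>' | head -n 1 |
    sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# Print one finding per line; no output means the connector passed every check.
audit_connector() {
  protos=$(attr sslEnabledProtocols "$1")
  pass=$(attr keystorePass "$1")
  [ -n "$protos" ] || echo "NO-PROTOCOL-LIST: JVM defaults apply"
  for p in $(printf '%s' "$protos" | tr ',' ' '); do
    case $p in
      TLSv1.2|TLSv1.3) ;;                  # current protocol versions
      *) echo "LEGACY-PROTOCOL: $p" ;;     # TLSv1.1, TLSv1, SSLv3, SSLv2Hello ...
    esac
  done
  case $pass in
    '') echo "NO-KEYSTORE-PASSWORD: Tomcat default is used" ;;
    '${'*'}') ;;                           # ${property} reference, secret kept out of server.xml
    *) [ "${#pass}" -ge 16 ] || echo "SHORT-KEYSTORE-PASSWORD: ${#pass} chars" ;;
  esac
}

SAMPLES=$(mktemp -d)
# Constructed sample 1: the Connector from Step-5 of this page.
cat > "$SAMPLES/page.xml" <<'EOF'
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="/Users/Shared/crunchify.keystore" keystorePass="123456"
    clientAuth="false" sslProtocol="TLS" sslVerifyClient="optional"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"/>
EOF
# Constructed sample 2: assumed hardened variant, TLSv1.2/1.3 only, password read
# from a system property (the property name keystore.pass is hypothetical).
cat > "$SAMPLES/hardened.xml" <<'EOF'
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="/Users/Shared/crunchify.keystore" keystorePass="${keystore.pass}"
    clientAuth="false" sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.2,TLSv1.3"/>
EOF

audit_connector "$SAMPLES/page.xml"       # three findings
audit_connector "$SAMPLES/hardened.xml"   # no findings
```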
Step-6. Stop and Start Apache Tomcat.
- bash-3.2$ /Users/Shared/apache-tomcat-9.0.30/bin/shutdown.sh
- bash-3.2$ /Users/Shared/apache-tomcat-9.0.30/bin/startup.sh
```
bash-3.2$ /Users/Shared/apache-tomcat-9.0.30/bin/shutdown.sh
Using CATALINA_BASE:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_HOME:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_TMPDIR: /Users/Shared/apache-tomcat-9.0.30/temp
Using JRE_HOME:        /Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Home
Using CLASSPATH:       /Users/Shared/apache-tomcat-9.0.30/bin/bootstrap.jar:/Users/Shared/apache-tomcat-9.0.30/bin/tomcat-juli.jar
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED

bash-3.2$ /Users/Shared/apache-tomcat-9.0.30/bin/startup.sh
Using CATALINA_BASE:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_HOME:   /Users/Shared/apache-tomcat-9.0.30
Using CATALINA_TMPDIR: /Users/Shared/apache-tomcat-9.0.30/temp
Using JRE_HOME:        /Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Home
Using CLASSPATH:       /Users/Shared/apache-tomcat-9.0.30/bin/bootstrap.jar:/Users/Shared/apache-tomcat-9.0.30/bin/tomcat-juli.jar
Tomcat started.
```
Step-7. Check HTTPS URL and certification: https://localhost:8443
Now hit the HTTPS secure URL again to check that your page loads successfully.
Chrome:
- By default Chrome blocks all insecure HTTPS sites from loading.
- Enable the Chrome flag to load invalid certificates for resources loaded from localhost:
  - Go to Chrome
  - Open a tab
  - Type: chrome://flags/#allow-insecure-localhost
  - Enable the flag from the drop-down
  - Relaunch Chrome
Safari and Mozilla Firefox:
- Accept the invalid certificate error and visit the site.
You should see the Apache Tomcat page loading over HTTPS on port 8443 🙂
You are all set. Have you noticed the red padlock? Don't worry. We haven't purchased an SSL cert from Verisign or Comodo.
In a production environment you may not see that red cross sign.
Click on the certificate in the browser; our default self-signed certificate should be valid for 90 days.
Bonus point:
How to check your cert content using the keytool command?
```
bash-3.2# keytool -list -keystore /Users/<username>/crunchify.keystore
```
Result:
```
bash-3.2$ keytool -list -keystore /Users/Shared/crunchify.keystore
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

crunchify, Apr 24, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 9D:26:77:E0:E8:79:5B:46:57:64:04:95:B8:22:9C:E2:9F:A4:82:CB:01:B5:80:62:75:90:48:27:5F:60:CB:C8
bash-3.2$
```
Source: https://crunchify.com/step-by-step-guide-to-enable-https-or-ssl-correct-way-on-apache-tomcat-server-port-8443/