Installation of Apache Tomcat with truted HTTPs

I have done it for Debian. Trusted HTTPS configuration is the last page. I took help from the URL:

Apache2, mod_jk, apache tomcat 5.5.16,  JDK, openssl, libapache-mod-ssl

Step by step Configuration:
1. Install apache2. For tomcat we have to change some from the normal configuration. (I folowed the URL )

2. Install JDK at Debian. (I followed the URL ).
3. Install and Configuring Tomcat.
a. Download the tar.gz file from
b. extract the files using following commands.
#cd /downloads #unp apache-tomcat-5.5.16.tar.gz

#mv apache-tomcat-5.5.16 /usr/lib

c.#cd /usr/lib

d. Now create a symbolic link called apache-tomcat to the CATALINA_HOME by the following command.
#ln -s apache-tomcat-5.5.16 apache-tomcat

e. #cd /usr/lib/apache-tomcat/bin

f. #./

4. Install and Configure mod_jk (I followed the URL

5.  Configuring Tomcat and Apache. (I followed URL

a. First create the file in your Apache2 root directory.

b. open the file and add some lines.(For details

c. Add some  lines at /etc/apache2/apache2.conf file (For details

d. add a user tomcat at a group tomcat.

e. change the user and group of the Tomcat path

f. change the password of tomcat.

g. start and stop tomcat server using tomcat user

h. restart apache2.

6. Creating self signed SSL Certification Using OpenSSL (for details )

a. install openssl and libapache-mod-ssl

b. create a workable directory.

c. create a database for the certificates we will sign

d. We have to add some lines to openssl.cnf (for deatils check

e. Run the following command:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \

-out cacert.pem -days 3650 -config ./openssl.cnf

7. Creating a Certificate Signing Request (CSR):

a.Our configuration file needs some more definitions for creating non-CA certificates. Add the following at the end of the file:

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

b. insert the following line to the req section after the distinguished_name line as shown:

distinguished_name = req_distinguished_name
req_extensions = v3_req

c. Now we are ready to create first certificate request.

d. openssl req -new -nodes -out req.pem -config ./openssl.cnf

e. openssl req -in req.pem -text -verify -noout

f.Signing a certificate: Insert some line at openssl.cnf file (for detail

g. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

h. Installing the certificate and key.

cat key.pem cert.pem  key-cert.pem

i. After this step, you have three installable components to choose from: A private key in key.pem, A certificate in cert.pem, A combined private key and certificate in

Copy the appropriate files into the locations specified by the instructions for your application and system. Restart the applications, and you are in operation with your new certificate.

j. Apache (For details URL

k. Stunnel (For Details URL

l. Distributing CA Certificates (For Details URL

m. Renewing Certificates(For Details URL


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: