How to import an existing SSL certificate for use in Tomcat

This article applies only to Atlassian's server products. See here for the differences between Cloud and Server products.

Purpose

If you have an existing SSL certificate and you want to use this certificate in Tomcat you need to follow specific steps to import the certificate. This article describes these steps.

Solution

Assumptions

This article assumes that you have the following available in separate files:

  1. A private key
  2. A certificate belonging to the private key
  3. The certificate of the authority that issued the certificate

It also requires that you have OpenSSL installed on the machine where you are running the commands described.

Finally, it also assumes that you have an existing Tomcat keystore to import the certificate into.



1. Combine the private key and the certificate into a PKCS12 keystore

If you already have a PKCS12 file that contains the certificate which you want to import and the private key belonging to it, then you can skip to step 2.



The first step is to combine the private key and the certificate into a PKCS12 keystore which will be used in the second step. This is required because Java's keytool utility does not allow you to import a private key and certificate from individual files. To do this, run the command below:

openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root

where <certfile> is the path to the file that contains the certificate you wish to import, <keyfile> is the path to the file that contains the private key that belongs to the certificate, <keystorefile> is the path to the PKCS12 keystore you want to create (you can choose a location yourself, but the file must not exist yet), and <cacertfile> is the path to the file that contains the certificate (chain) of the certificate authority that issued the certificate which you're trying to import. 


When you execute the command you'll be asked for a password for the PKCS12 keystore. You can choose one, but for the sake of simplicity changeit is a good option, since it is the default password that Tomcat expects. Once the command has completed executing, verify that <keystorefile> now exists.

2. Merge the Tomcat keystore and the PKCS12 keystore to import the certificate and private key

You will now need to merge the Tomcat keystore and the PKCS12 keystore, which imports the certificate and private key into Tomcat's keystore. To do that, run the following command:

keytool -importkeystore -deststorepass <keystorepass> -destkeypass <keystorepass> -destkeystore <tomcatkeystorefile> -srckeystore <keystorefile> -srcstoretype PKCS12 -srcstorepass <keystorepass> -alias tomcat

where <keystorepass> is the password you chose when you were prompted in step 1, <tomcatkeystorefile> is the path to the keystore of Tomcat, and <keystorefile> is the path to the PKCS12 keystore file created in step 1.

Once the command has completed, the Tomcat keystore at <tomcatkeystorefile> contains the certificate and private key you wanted to import. Restart your Atlassian application to make the changes effective.
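
The script below is an added example, not part of the original article or of Atlassian's tooling: it checks that the three files from the assumptions belong together before running the step 1 command, and reads the keystore password from a file instead of a prompt. The function names, file names and the throwaway CA it can generate are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three input files, then step 1.
# Function names and demo file names are this example's own (assumptions).

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert <certfile> <keyfile>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate validates against the issuing CA file.
issued_by_ca() {  # usage: issued_by_ca <certfile> <cacertfile>
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs the step 1 command after both checks pass. The keystore password is
# read from a file (-passout file:) so it does not appear in the process list.
build_pkcs12() {  # usage: build_pkcs12 <cert> <key> <cacert> <out> <passfile>
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 2; }
    issued_by_ca "$1" "$3" || { echo "certificate not issued by CA" >&2; return 3; }
    [ ! -e "$4" ] || { echo "$4 already exists" >&2; return 4; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$4" -name tomcat \
        -CAfile "$3" -caname root -passout "file:$5"
}

# SHA-256 fingerprint of the end-entity certificate stored in a PKCS12 file.
pkcs12_fingerprint() {  # usage: pkcs12_fingerprint <p12> <passfile>
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin "file:$2" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Constructed throwaway CA, server key and certificate for trying the checks.
make_demo_files() {  # usage: make_demo_files <dir>
    ( cd "$1" && umask 077 &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null &&
      openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
          -subj "/CN=tomcat.example.test" 2>/dev/null &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out server.crt -days 1 2>/dev/null &&
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out other.key 2>/dev/null &&
      printf '%s\n' 'constructed-demo-password' > pass.txt )
}
```

Source the file, then call build_pkcs12 with your own <certfile>, <keyfile>, <cacertfile>, <keystorefile> and a password file readable only by you; comparing pkcs12_fingerprint with the fingerprint of <certfile> confirms the keystore holds the intended certificate.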


Products: Jira, Confluence, Bamboo, Bitbucket, Fisheye
Platform: Server, Cloud, Data Center
Last updated: September 2, 2018
