Config Tomcat SSL
<Connector port="8080" protocol="HTTP/1.1"
compression="on"
compressionMinSize="1024"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443" maxHttpHeaderSize="8192"
enableLookups="false" maxThreads="150"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" SSLEnabled="true" clientAuth="false" protocol="org.apache.coyote.http11.Http11NioProtocol"
sslProtocol="TLS" keystoreFile="<PATH to .jks>"
keystorePass="PASSWORD" />
Hide tomcat info
Open the server.xml file located in <tomcat directory>/conf.
Add the following Valve inside the <Host> element:
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
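An added example, not part of the original notes: a small Python check that parses a server.xml and reports when the settings from the two sections above are missing (a plain connector whose redirectPort does not reach a TLS connector, a placeholder or default keystorePass, a Host without the ErrorReportValve that hides server info). The sample document is constructed, and the function name audit_server_xml and the weak-password list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two connectors with a placeholder keystore
# path, and the ErrorReportValve deliberately left out of the Host.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" compression="on"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslProtocol="TLS" keystoreFile="/path/to/keystore.jks"
               keystorePass="PASSWORD" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"
WEAK_PASSWORDS = {"PASSWORD", "password", "changeit"}  # placeholders / defaults


def audit_server_xml(xml_text):
    """Return a sorted list of findings for a Tomcat server.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    connectors = root.findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            if c.get("keystorePass") in WEAK_PASSWORDS:
                findings.append(f"connector {port}: placeholder or default keystorePass")
        elif c.get("redirectPort") not in tls_ports:
            findings.append(f"connector {port}: redirectPort is not a TLS connector")
    for host in root.findall(".//Host"):
        # The valve must be a direct child of <Host> with both flags off.
        hidden = any(v.get("className") == ERROR_VALVE and
                     (v.get("showReport"), v.get("showServerInfo")) == ("false", "false")
                     for v in host.findall("Valve"))
        if not hidden:
            findings.append(f"host {host.get('name')}: error pages expose server info")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE_SERVER_XML):
        print(line)
```

Note that redirectPort only takes effect for requests that a web application's security constraint marks as requiring confidential transport, so this check confirms the wiring, not that plain HTTP is refused.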
JKS from P12 for tomcat
keytool -importkeystore -srckeystore certificate.p12 -destkeystore certificate.jks -srcstoretype PKCS12 -deststoretype JKS
Tomcat as non root user
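Run the following to let the Java binary bind ports below 1024 without root (the capability applies to every program started with that binary, not only Tomcat):
setcap cap_net_bind_service+ep /path/to/bin/java
Example: setcap cap_net_bind_service+ep /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java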
JKS and Openssl commands
Java Keytool Command
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
- Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
- Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -file 8gwifi.csr
- Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file 8gwifiCA.crt -keystore keystore.jks
- Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
- Generate a keystore and self-signed certificate
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
- Check a stand-alone certificate
keytool -printcert -v -file 8gwifi.crt
- Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
- Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
- Delete a certificate from a Java Keytool keystore
keytool -delete -alias 8gwifi -keystore keystore.jks
- Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
- Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
- List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
- Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
OpenSSL Commands
- Generate a new private key and Certificate Signing Request
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key
- Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt
- Generate a certificate signing request (CSR) for an existing private key
openssl req -out CSR.csr -key privatekey.key -new
- Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privatekey.key
- Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newprivatekey.pem
- Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
- Convert a PEM file to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
- Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keystore.pem -nodes
You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
- Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Importing an SSL certificate into a Java Keystore via a PKCS12 file
Here are the instructions on how to import an SSL certificate into the Java Keystore from a PKCS12 (pfx or p12) file.
- Create a new keystore
  - Navigate to C:\Program Files\Java\jdk_xxxx\bin\ via command prompt
  - Execute: keytool -genkey -alias mycertificate -keyalg RSA -keysize 2048 -keystore mykeystore
  - Password: use the same password/passphrase as the PKCS12 file
  - Answer the prompts (the first and last name should be the DNS name you're going to use):
    What is your first and last name? [Unknown]: server.mydomain.com
    What is the name of your organizational unit? [Unknown]: MyCompanysITDepartment
    What is the name of your organization? [Unknown]: MyCompany
    What is the name of your City or Locality? [Unknown]: CITY
    What is the name of your State or Province? [Unknown]: STATE
    What is the two-letter country code for this unit? [Unknown]: US
    Is CN=...................................... correct? [no]: yes
    Enter key password for <mycertificate>
    (RETURN if same as keystore password): Hit Return/Enter
- Empty the keystore
  - Execute via command prompt: keytool -delete -alias mycertificate -keystore mykeystore
  - Ensure nothing is in the keystore by executing: keytool -v -list -keystore mykeystore
- Import the PKCS12 file
  - Execute via command prompt: keytool -v -importkeystore -srckeystore whateverthefileis.p12 -srcstoretype PKCS12 -destkeystore mykeystore -deststoretype JKS
  - Enter the PKCS12 password/passphrase for both the source and destination password.
source: https://jackstromberg.com/2013/05/importing-a-ssl-certificate-into-a-java-keystore-via-a-pkcs12-file/
Monitoring response time with curl
curl -s -o /dev/null -w "Connection: %{time_connect}s | Start transfer: %{time_starttransfer}s | Total time: %{time_total}s\n" ...