Generate a .cert and .key certificate?

Navigation
0

I am very new to the generation and operation of certificates. A company x needs your page to be secure (https), for that I know they need a certificate, when I ask them to give me the certificate they send me 3 files: 

(certificate.ca.crt ; certificate.crt ; certificate.key)

I must mention that it should not be a self-signed certificate! I must add the certificate to my Tomcat server!

My question is how do I build my certificate from these 3 files? Also, how do I know that they are not self-signed certificates and that they are given or built by some certification authority?

    
asked by Maicoly Guerrero 06.11.2018 в 15:53
source

2 answers

1

SSL certificates must be issued by a authorized entity , otherwise browsers will mark you the site is not safe.

If your client does not want to buy a certificate yet, the following site issues free and authorized certificates for short periods, you do not require much knowledge to do so:

link

Regarding the files:

certificate.ca.crt - > Certificate of the certifying entity

certificate.crt - > Certificate of your site (public key)

certificate.key - > Private key

This Google site can help you a lot to start: link

Unfortunately I can not help you much with Tomcat, but I leave you some references that maybe you can help yourself:

Apache Tomcat SSL / TLS Configuration HOWTO

Installing SSL Apache Tomcat

How to get an SSL certificate for your domain - Google Domains Help

Let's Encrypt Free Certification Entity

    
answered by 06.11.2018 в 17:01
0

My understanding and solution: I was hanging around the net and this is what I investigated:

This will show information from the certifying entity such as the certificate domain and other information:   openssl x509 -in certificate.crt -text

To create the keystore (p12), convert to cert in PKCS12 using openssl 

openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] -caname root

  • You can also use a tool (.jar) to create the keystore link (optional)

  • To configure the Tomcat, stop the tomcat, edit the server.xml file (../tomcat7/conf/server.xml) something like this: 

        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="/RutaAlArchivo/keystore.p12" keystorePass="password"/>

  • Running the tomcat.

answered by 06.11.2018 в 20:17
Problem java characters in Eclipse Help with SQL query (several records in the same field)