Have you installed the Java Runtime Environment and Apache Tomcat yet? If not, follow these steps first!
Since we are using the Tomcat APR connector, we use OpenSSL instead of the default SSL implementation. In this step, a Certificate Signing Request is generated on the server, which can be used to request an SSL certificate. An OpenSSL binary for Windows is included in the Tomcat Native Connector distribution.
Please replace $tomcat with the correct Tomcat installation folder name, such as C:\Program Files\Apache Software Foundation\Tomcat 7.0.
| OpenSSL | newer is better (1.0.1 preferred) |
For Windows, the OpenSSL binary can be found in the Tomcat native libs: http://files.eveoh.nl/tomcat-native-1.1.33-win32-bin.zip
For Linux, OpenSSL is usually already installed. Please consult the package manager of your OS if this is not the case.
Requesting an SSL certificate
First, a Certificate Signing Request (CSR) is generated on the server.
- Create a file openssl.cnf with the following contents. Replace the values between << >> with appropriate values for your institution.
- Open the Command Prompt
- Generate a private key using openssl. Please enter a safe password and make sure to remember it.
- Generate a CSR. Press enter when the program asks for settings (which should already be entered into the openssl.cnf file).
- Use the CSR to request a certificate from your certificate provider.
Convert PEM files to PKCS12
Usually, your SSL Certificate Authority will send you a PEM encoded certificate. Also, the files created above are all PEM encoded. To convert the PEM encoded files to PKCS12 format, you can use the following command (replace filenames where necessary):
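The steps above, from private key to PKCS12 keystore, as an added example that is not part of the original page. It is written for a POSIX shell; the file names, subject values, the `prompt = no` setting and the `KEY_PASS`/`P12_PASS` variables are assumptions, and a self-signing step stands in for the certificate provider so the run works offline.

```shell
#!/bin/sh
# Added example (not from the original page): key -> CSR -> PKCS12 with OpenSSL.
# File names, passphrases and subject values below are constructed placeholders.
set -eu

build_keystore() {  # $1 = working directory
  # Request config; prompt = no makes openssl req take every value from the file.
  cat > "$1/openssl.cnf" <<'EOF'
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = ext
[ dn ]
C  = NL
O  = Example University
CN = timetable.example.edu
[ ext ]
subjectAltName = DNS:timetable.example.edu
EOF
  # Passphrases come from the environment so they stay out of the argument list.
  openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/server.key" 2048
  openssl req -new -config "$1/openssl.cnf" -key "$1/server.key" \
    -passin env:KEY_PASS -out "$1/server.csr"
  # Stand-in for the CA: self-sign the CSR so the remaining steps can run offline.
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -passin env:KEY_PASS -days 30 -out "$1/server.crt"
  # Refuse to build a keystore from a certificate that belongs to another key.
  cert_matches_key "$1" || { echo "certificate/key mismatch" >&2; return 1; }
  # A real chain would be added with -certfile <intermediate CA file>.
  openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
    -passin env:KEY_PASS -passout env:P12_PASS -name tomcat -out "$1/server.p12"
}

cert_matches_key() {  # succeeds when certificate and private key share a public key
  cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1/server.key" -passin env:KEY_PASS -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory with constructed passphrases.
export KEY_PASS='constructed-key-pass' P12_PASS='constructed-p12-pass'
WORK=$(mktemp -d)
build_keystore "$WORK" >/dev/null 2>&1
echo "keystore written to $WORK/server.p12"
```

With a certificate issued by a real provider, replace the self-signing step with the returned PEM file and keep the key match check before exporting.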
Converting PKCS7 to PEM files
If your certificate comes in a p7b file, you need to split the certificate first. Run the following command:
This will output the certificate and the CA certificates. Save the certificate in a new file (PEM extension) and save the intermediate CA certificates in a separate file.
Checking the SSL certificate
With MyTimetable published to the internet, it might be a good idea to test the SSL configuration of the server.
Please visit https://www.ssllabs.com/ssltest/ to perform a deep analysis of the SSL configuration.