Escrito por Soporte Incared
Configuración en TOMCAT:
nano /opt/tomcat/conf/server.xmlConfigurar el conector del KEYSTORE:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
compression="on" scheme="https" secure="true"
keystoreFile="/home/user/cert/incared.net.jks"
keystorePass="Password-de-Keystore"
SSLVerifyClient="none" SSLProtocol="TLSv1.2"- Crear Key tool TOMCAT linux – WINDOWS
mkdir /home/user/cert/
#copiar certificado válidos:
private_key.pem
public_key.pem
incared.pfxkeytool -genkeypair -alias incared.net -storetype jks -keystore incared.net.jks -validity 366 -keyalg RSA -keysize 4096Listar certificados en JSK
keytool -list -keystore /home/user/cert/incared.net.jskCRT to DER
openssl x509 -in cert.crt -inform PEM -out cert.der -outform DEREliminar alias de keystore de ( PrivateKeyEntry )
keytool -delete -alias incared.net -keystore incared.net.jks ##opcionalImportar clave privada de certificado PrivateKeyEntry:
keytool -importkeystore -srckeystore server.p12
-destkeystore incared.net.jks -srcstoretype pkcs12 -alias claveprivada2. Importar trustedCertEntry Certificate fingeprint
keytool -importkeystore -srckeystore incared.p12 -destkeystore incared.net.jks -srcstoretype pkcs12 -alias incared.net ## reemplazar alias inicial creado.keytool -import -trustcacerts -alias example.com -file cert.der -keystore incared.net.jks
##importar clave publica
3. PFX a CRT
openssl pkcs12 -in incared.pfx -clcerts -nokeys -out incared.crt4. Importar certificado válido a keystore creado
keytool -import -trustcacerts -alias incared2.net -file incared.crt -keystore incared.net.jks ##alias debe ser distinto al private KEYReiniciar TOMCAT
systemctl restart tomcat