... Continuing
Install the MySQL server on the Ubuntu EC2 instance.
1. sudo apt-get update
2. sudo apt-get install mysql-server
>>> sudo mysql -u root
(Note: no -p is required because root has no password, and sudo is required.)
Inside mysql, create a new user and grant all privileges. Create the user as 'newuser'@'localhost' so that the account matches the one named in the GRANT statement, and use a password of your own in place of 'password'.
mysql> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> SHOW GRANTS FOR 'newuser'@'localhost';
If you are planning HTTPS...
1. Buy an SSL certificate from any vendor (preferably from the same vendor where you have the domain). I've purchased from GoDaddy. They have a lot of coupons available around the internet.
I've purchased the DV (Domain Verification, Standard) SSL for rs824. Last year, I bought the same for some around rs500+
2. Use this link to generate tomcat.keystore and csr.csr
https://cl.godaddy.com/help/tomcat-generar-csr-e-instalar-certificados-5239?lang=en
From the generated csr.csr, copy ALL the text and paste it into the GoDaddy key management CSR input field. After that, it will check the domain verification and give you the certificate files with your domain name. Download those and scp them to the EC2 instance.
Follow the instructions below to generate tomcat.keystore and csr.csr on the EC2 instance.
To Generate a Keystore and CSR in Tomcat
- Enter the following command into keytool to create a keystore:
  keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
- Enter a Password. The default is changeit; set your own, because this password protects the private key in the keystore.
- Enter Distinguished Information:
- First and Last Name — The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
- Organizational Unit — Optional. If applicable, you can enter the DBA name in this field.
- Organization — The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in Organization, and the DBA (doing business as) name in Organizational Unit.
- City/Locality — Name of the city in which your organization is registered/located — do not abbreviate.
- State/Province — Name of state or province where your organization is located — do not abbreviate.
- Country Code — The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
- Enter the following command into keytool to create a CSR:
  keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore
- Enter the Password you provided in Step 2.
- Open the CSR file, and copy all of the text, including
-----BEGIN NEW CERTIFICATE REQUEST-----
and
-----END NEW CERTIFICATE REQUEST-----
- Paste all of the text into the online request form and complete your application.
For more information about completing the online request form, see Request an SSL certificate (Deluxe or Extended Validation).
After you submit the application, we begin vetting your request. You will receive an email with more information when this process is complete.
Please note: axxx.crt is the issued certificate, gd_bundlexxx.crt is the root, and gdig2.crt.pem is the intermediate certificate. Run the commands below after placing all the certificates and tomcat.keystore in one place.
Installing Your SSL in Tomcat
After the certificate is issued, download it from the Certificate Manager and place it in the same folder as your keystore. Then, using keytool, enter the following commands to install the certificates.
To Install Your SSL in Tomcat
- Install the root certificate by running the following command:
  keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file [name of the root certificate]
- Install the intermediate certificate by running the following command:
  keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file [name of the intermediate certificate]
- Install the issued certificate into the keystore by running the following command:
  keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file [name of the certificate]
- Update the server.xml file with the correct keystore location in the Tomcat directory.
Note: The HTTPS connector is commented out by default. Remove the comment tags to enable HTTPS.
- Tomcat 4.x — Update the following elements in server.xml for Tomcat 4.x:
clientAuth="false"
protocol="TLS" keystoreFile="/etc/tomcat5/tomcat.keystore"
keystorePass="changeit" />
- Tomcat 5.x, 6.x and 7.x — Update the following elements in server.xml for Tomcat 5.x, 6.x and 7.x:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="[path to your keystore file]" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
- Save your changes to server.xml, and then restart Tomcat to begin using your SSL. Your SSL Certificate is installed. If you have problems, please see Test your SSL's configuration to help diagnose issues.
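A check to run after the three keytool imports above, as an added example that is not part of the original page or of GoDaddy's instructions: it reads the output of keytool -list -v and confirms that the tomcat alias is still the private-key entry and now carries the CA chain. The function name, the mycert alias and the sample listings are constructed for illustration, and English-locale keytool output is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes English keytool output.
# Real use: keytool -list -v -keystore tomcat.keystore | check_keystore_listing tomcat

check_keystore_listing() {
    # $1 = alias that holds the private key (the page uses "tomcat").
    # stdin = text printed by keytool -list -v.
    awk -v want="$1" '
        /^Alias name: /                                { alias = substr($0, 13); next }
        alias == want && /^Entry type: /               { etype = $3 }
        alias == want && /^Certificate chain length: / { chain = $4 }
        END {
            if (etype == "") {
                print "MISSING: no entry for alias " want; exit 1 }
            if (etype != "PrivateKeyEntry") {
                print "FAIL: " want " is a " etype ", not the key entry"; exit 1 }
            if ((chain + 0) < 2) {
                print "FAIL: " want " chain length " (chain + 0) ", still self-signed"; exit 1 }
            print "OK: " want " PrivateKeyEntry chain=" chain
        }'
}

# Constructed sample: abridged listing after root, intermediate and issued cert went in.
sample_good() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: intermed
Entry type: trustedCertEntry
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed sample: the issued certificate was imported under a different alias,
# so "tomcat" still holds only the self-signed certificate created by -genkey.
sample_bad() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: mycert
Entry type: trustedCertEntry
EOF
}

sample_good | check_keystore_listing tomcat
sample_bad  | check_keystore_listing tomcat || true
```

The issued certificate has to be imported under the same alias that was used for -genkey; under any other alias keytool stores it as a trustedCertEntry and the tomcat entry keeps its self-signed certificate.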