ConcourseConnect Support


Using SSL with Apache Tomcat and APR

Posted by Matt Rajkowski on June 21, 2012 7:25 AM EDT
Matt Rajkowski photo

Here are some notes on using Tomcat with SSL. The default Tomcat uses a Java keystore, while a Tomcat with the native libraries installed uses APR.

The most versatile way of using SSL with Java is to first generate a self-signed certificate using a Java keystore. From there, you will have to obtain a signed certificate from a certificate authority (like GoDaddy) and then import it into the keystore you have used for the self-signed cert.

Using Java keytool, import the registrar's bundle and then the signed certificate, this results in the following messages:

Certificate was added to keystore
Certificate reply was installed in keystore

At this point the keystore can be used directly with Tomcat, or if Tomcat APR is being used then you must export the private key and certificates as PEM encoded files. Keytool doesn't export private keys, as far as I know. So, over the years I've been using an Open Source product called Portecle in which I open the keystore and then choose to export the "Private Key and Certificates" as "PEM Encoded" and then copy the generated *.pem file and the *.crt file straight from GoDaddy into Tomcat. That's it, then just use them with Tomcat APR.

If Tomcat is upgraded on that server then you must also install APR or just use the keystore file directly.

If you have a different or better way please post your comments.

There is 1 comment



Why don't use a control panel (example: cpanel) to have the SSL installed in the account in a few clicks? I've my <a href="">Java hosting</a> account with OC, and SSL option in their control panel install and map all requests to tomcat port to apache automatically.

Ashwin Pathmanabhan photo
Ashwin Pathmanabhan

5 years ago

Sign in to add your comment.

Recent Posts

Introducing data-driven tabs
Connect allows you to build a site with directories of information. The platform comes with several...
read more
Introducing Customization Packs for ConcourseConnect
The ConcourseConnect platform is customized using customization packs. Customization packs allow a...
read more
What's new with ConcourseConnect?
Over at the official ConcourseConnect Wiki, the changelog for version 4.0 has been updated. There...
read more
ConcourseConnect Updates Available (20121203)
This update is recommended for all installations of ConcourseConnect, adding Tomcat 7 compatibility,...
read more
Using SSL with Apache Tomcat and APR
Here are some notes on using Tomcat with SSL. The default Tomcat uses a Java keystore, while a...
read more
ConcourseConnect 3.0
An exhaustive list of features that have been added to ConcourseConnect can now be found in the...
read more
ConcourseConnect 2.0.1 Released
This release of ConcourseConnect is compiled for Java 5 and up. We've fixed a wiki export bug and...
read more
ConcourseConnect 2.0 Released
Today we're releasing ConcourseConnect 2.0. The compiled version is available now (direct download...
read more
Planning for ConcourseConnect 2.0
Now that 2.0 could be released at any moment, I wanted to do a quick write up of what to expect. You...
read more

Go to blog