Using SSL with Apache Tomcat and APR
Posted by Matt Rajkowski on June 21, 2012 7:25 AM EDT
Here are some notes on using Tomcat with SSL. The default Tomcat uses a Java keystore, while a Tomcat with the native libraries installed uses APR.
The most versatile way of using SSL with Java is to first generate a self-signed certificate using a Java keystore. From there, you will have to obtain a signed certificate from a certificate authority (like GoDaddy) and then import it into the keystore you have used for the self-signed cert.
Using Java keytool, import the registrar's bundle and then the signed certificate. This results in the following messages:
Certificate was added to keystore
Certificate reply was installed in keystore
At this point the keystore can be used directly with Tomcat or, if Tomcat APR is being used, you must export the private key and certificates as PEM-encoded files. Keytool doesn't export private keys, as far as I know. So, over the years, I've been using an open source product called Portecle: I open the keystore, choose to export the "Private Key and Certificates" as "PEM Encoded", and then copy the generated *.pem file and the *.crt file straight from GoDaddy into Tomcat. That's it; then just use them with Tomcat APR.
If Tomcat is upgraded on that server then you must also install APR or just use the keystore file directly.
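A check to run on the exported files before pointing Tomcat APR at them, as an added example that is not part of the original post: it uses openssl to confirm that the private key parses without a passphrase, that it matches the certificate, that the certificate has not expired, and that the key file is not readable by group or other. The function names, exit codes and file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check a PEM key/certificate pair exported for Tomcat APR.
# Requires the openssl command-line tool.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_apr_pem KEY_PEM CERT_PEM
# Returns 0 when the pair is usable, otherwise the first failure found:
#   2 = file missing or unreadable
#   3 = private key does not parse (or is passphrase-protected)
#   4 = certificate does not parse or does not match the key
#   5 = certificate has expired
#   6 = key file is accessible to group or other
check_apr_pem() {
    local key="$1" cert="$2" key_pub cert_pub mode
    [ -r "$key" ] && [ -r "$cert" ] || return 2

    # Public half derived from the private key. "-passin pass:" supplies an
    # empty passphrase so an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3

    # Public key embedded in the certificate; it must be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$cert_pub" ] || return 4

    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 5

    # The exported key is plaintext on disk, so only the owner may read it.
    mode=$(file_mode "$key")
    case "$mode" in
        *00) ;;
        *) return 6 ;;
    esac
    return 0
}

# Stand-alone use (placeholder names): ./check_apr_pem.sh server.pem server.crt
if [ "$#" -eq 2 ]; then
    rc=0
    check_apr_pem "$1" "$2" || rc=$?
    echo "check_apr_pem exit code: $rc"
    exit "$rc"
fi
```

Exit code 4 is the one to expect when a renewed certificate has been copied next to the key from a previous request.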