Overslaan naar hoofdinhoud
ESET PROTECT Webconsole ( Apache Tomcat) - SSL Certificate from windows keystore - Kennisbank / ESET PROTECT - ESET Tech Center
ESET PROTECT Webconsole ( Apache Tomcat) - SSL Certificate from windows keystore
-
Voor het laatst bijgewerkt door: 26 okt 2022 door Mitchell | ESET Nederland
Pre-requisites:
- Certificate in p12 or pfx format (with private key)
Configuring Apache Tomcat:
- open powershell as the service account used by Apache Tomcat:
runas /user:domain\sa-eset powershell.exe - Open certmgr.msc in the powershell session running as the service account.
certmgr.msc - In certmgr.msc import the certificate into the Personal store:
- Note that the "friendly name" should contain a value in order for Apache Tomcat to use the certificate, if the friendly name value is empty, right click the certificate after importing and select properties:
Fill in the friendly name field:
- Go back to the powershell session and verify the certificate exists:
dir Cert:\CurrentUser\My
- Open the Apache Tomcat server.xml, by default located at: "C:\Program Files\Apache Software Foundation\apache-tomcat-9.0.64\conf\server.xml" (path may vary, based on installed version of Apache Tomcat)
A. Find the following line:
<Connector server="OtherWebServer" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\Apache Software Foundation\apache-tomcat-9.0.64\.keystore" keystorePass="********" keyAlias="tomcat" sslEnabledProtocols="TLSv1.2,TLSv1.3" honorCipherOrder="true" ciphers="TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" />
B. Change it to: (note that the keyAlias value should match the friendly name set in step 4.
<Connector server="OtherWebServer" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreType="Windows-My" keystoreFile="" keystorePass="" keyAlias="tomcat" sslEnabledProtocols="TLSv1.2,TLSv1.3" honorCipherOrder="true" ciphers="TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" />
- Restart the Apache Tomcat Service, It should now use the certificate from the certificate store.
- Auteur
- Mitchell | ESET Nederland
- Creation date
- 26 okt 2022
- Last update
- 26 okt 2022
- Publish date
- 26 okt 2022
Reactie toevoegen
Log in of registreer om een reactie te plaatsen.