Thursday, February 3, 2022

Making the connection secure in Tomcat with a SAN certificate

How to resolve the "Not secure" warning in the browser and serve your application over TLS.

You need to configure TLS (still commonly called SSL) in your application to get rid of the "connection not secure" warning. Whether the application is deployed on WebLogic or Tomcat, the high-level steps are the same:

  1. Create a Java keystore on the server where the application is installed
  2. Generate a CSR (certificate signing request) that lists every hostname and IP the server answers to as Subject Alternative Names (SANs); browsers match the name they were given against the SAN list, not the CN
  3. Send the CSR to your CA (IT team)
  4. Get back the signed server certificate together with the CA's root and intermediate certificates
  5. Import the root and intermediate certificates under their own aliases, then the server certificate under the same alias as the key pair (that is how keytool attaches the chain to the private key)
  6. Point Tomcat / WebLogic at the keystore and restart

 

Steps for making the connection secure in Tomcat

The first two commands generate the keystore and the CSR with Subject Alternative Names. Replace the placeholders: ddd.ddd.dd / host is the hostname users type in the browser (use it for the CN as well), ip is the server's IP address, mailid an e-mail address, and changeit the real keystore password. Every SAN entry needs its type tag (DNS:, IP: or EMAIL:), otherwise keytool rejects the whole extension.

  1. keytool -genkeypair -alias server -keystore "D:\server.keystore" -storetype PKCS12 -storepass changeit -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 1000 -dname "CN=ddd.ddd.dd,O=DN,OU=Ddd,ST=Ddd,C=DN" -ext "SAN=IP:ip,DNS:host,EMAIL:mailid"

     -storetype PKCS12 (not -deststoretype, which belongs to -importkeystore) creates the new keystore in PKCS12 format. -validity only applies to the temporary self-signed certificate; the CA decides the validity of the real one.

  2. keytool -certreq -alias server -keystore "D:\server.keystore" -storepass changeit -file "D:\server.csr" -ext "SAN=IP:ip,DNS:host,EMAIL:mailid"

     The -ext must be repeated here: keytool does not copy the SAN from the key pair's self-signed certificate into the request. Check the request before sending it: keytool -printcertreq -file "D:\server.csr" should list the SAN entries.

Once we receive the CA-signed server certificate together with the root and intermediate certificates, import them into the keystore created above, in this order: root and intermediate under their own aliases, then the server certificate under the alias server that holds the key pair. keytool validates the server certificate against the chain already present in the keystore, so the CA certificates have to go in first.

  3. keytool -importcert -alias root -keystore "D:\server.keystore" -storepass changeit -file "D:\rootca.cer"

  4. keytool -importcert -alias intermediate -keystore "D:\server.keystore" -storepass changeit -file "D:\intermediateca.cer"

  5. keytool -importcert -alias server -keystore "D:\server.keystore" -storepass changeit -file "D:\serverprd.cer"

     keytool -list -v -alias server -keystore "D:\server.keystore" -storepass changeit should now show "Certificate chain length: 3" and the SAN entries. A chain length of 1 means the server certificate was imported under a different alias than the key pair and Tomcat will serve it without the intermediate.

  6. Change server.xml to point at this keystore and restart Tomcat.
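The keystore, CSR and import steps above as one parameterised script. This is an added example, not a script from the original post: it is written for a POSIX shell (for example Git Bash on a Windows server), assumes the JDK's keytool is on PATH, and every hostname, file name and password in it is a placeholder. It generalises the commands above to several DNS names at once and builds the -ext value with the DNS:/IP:/EMAIL: tags that keytool requires.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes keytool (JDK) on PATH.
# All values below are placeholders; override them in the environment.
KEYSTORE=${KEYSTORE:-server.keystore}
STOREPASS=${STOREPASS:-changeit}            # placeholder: use a real password
ALIAS=${ALIAS:-server}
HOST=${HOST:-app.example.com}               # primary name, goes into the CN
DNS_NAMES=${DNS_NAMES:-app.example.com,app} # every name clients will use
IPS=${IPS:-}                                # optional, e.g. 10.0.0.5
ORG=${ORG:-Example Org}
COUNTRY=${COUNTRY:-US}
CSR=${CSR:-server.csr}

# Build keytool's -ext value from comma-separated DNS names, IPs and
# e-mail addresses. Every entry needs its DNS:/IP:/EMAIL: tag; an untagged
# entry makes keytool reject the whole extension.
san_ext() {
    out=""
    for d in $(printf '%s' "$1" | tr ',' ' '); do out="$out,DNS:$d"; done
    for i in $(printf '%s' "${2:-}" | tr ',' ' '); do out="$out,IP:$i"; done
    for m in $(printf '%s' "${3:-}" | tr ',' ' '); do out="$out,EMAIL:$m"; done
    printf 'SAN=%s' "${out#,}"
}

# Steps 1-2: key pair in a PKCS12 keystore, then the CSR. The SAN has to be
# passed to -certreq again; keytool does not copy extensions from the
# placeholder self-signed certificate into the request.
request() {
    san=$(san_ext "$DNS_NAMES" "$IPS")
    keytool -genkeypair -alias "$ALIAS" -keystore "$KEYSTORE" -storetype PKCS12 \
        -storepass "$STOREPASS" -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -validity 365 -dname "CN=$HOST,O=$ORG,C=$COUNTRY" -ext "$san"
    keytool -certreq -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -file "$CSR" -ext "$san"
    keytool -printcertreq -file "$CSR" | grep -E 'DNSName|IPAddress'
    echo "send $CSR to the CA"
}

# Steps 3-5: trusted chain first (own aliases), then the signed server
# certificate under the key pair's alias. keytool validates the reply
# against the chain already in the keystore, so the order matters.
# Arguments: root cert, intermediate cert, signed server cert (files).
install_chain() {
    keytool -importcert -noprompt -alias root -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -file "${1:-rootca.cer}"
    keytool -importcert -noprompt -alias intermediate -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -file "${2:-intermediateca.cer}"
    keytool -importcert -alias "$ALIAS" -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -file "${3:-server.cer}"
    # Check: the key entry must now carry the full chain and the SANs.
    keytool -list -v -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        | grep -E 'Certificate chain length|SubjectAlternativeName|DNSName|IPAddress'
}

case "${1:-}" in
    request) request ;;
    install) shift; install_chain "$@" ;;
    *) ;;   # no action given: only define the functions
esac
```

Run it as `./tomcat-cert.sh request` before sending the CSR and `./tomcat-cert.sh install rootca.cer intermediateca.cer serverprd.cer` after the CA replies; the grep at the end of each step prints the SAN entries and the chain length so a missing name or a chain of length 1 is caught before Tomcat is restarted.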

 

Tomcat example
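The server.xml change from the last step, as an added example (the original post's own configuration is not reproduced here). It uses the nested SSLHostConfig form of Tomcat 8.5 and later; the keystore path, password and alias are the same placeholders as in the keytool commands above, and D:/server.keystore is the same file written with forward slashes, which Tomcat accepts on Windows.

```xml
<!-- HTTPS connector for Tomcat 8.5+ (server.xml, inside <Service>) -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true">
    <!-- Only TLS 1.2 and 1.3, whatever this Tomcat version's default "all" includes -->
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3" honorCipherOrder="true">
        <!-- Same keystore, store type and alias produced by keytool above.
             The password is the -storepass placeholder: replace it, and keep
             server.xml readable only by the Tomcat service account. -->
        <Certificate certificateKeystoreFile="D:/server.keystore"
                     certificateKeystorePassword="changeit"
                     certificateKeystoreType="PKCS12"
                     certificateKeyAlias="server"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

<!-- Plain HTTP connector kept only to send clients to the HTTPS port -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
```

redirectPort only takes effect for requests that a web.xml security-constraint with transport-guarantee CONFIDENTIAL requires to be encrypted; without such a constraint the application stays reachable over plain HTTP. After the restart, check from another machine with openssl s_client -connect host:8443 -servername host -showcerts: the output should contain the server, intermediate and root certificates, and the SAN of the first one must include the exact name typed in the browser, or the "Not secure" warning stays.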
