Creating SSL Keystore For Apache Tomcat Using Keytool and BouncyCastle

This post explains how to create your own SSL keystore file and use it from your Android applications. I have taken the example from http://stackoverflow.com/questions/4065379/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-c.

Download bouncycastle JAR from http://repo2.maven.org/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.47/bcprov-ext-jdk15on-1.47.jar
Configure BouncyCastle on the PC using one of the methods below. The static method registers the provider for every program that runs on that JRE; the dynamic alternative is to call Security.addProvider(new BouncyCastleProvider()) in your own code before you touch the BKS type.
Adding the BC Provider Statically (Recommended)

Copy bcprov-ext-jdk15on-1.47.jar to each of these locations:
jdk1.6.0_33\jre\lib\ext (JDK bundled JRE)
jre1.6.0_33\lib\ext (JRE)
C:\ (location to be used in the environment variable)
Modify the java.security file under
jdk1.6.0_33\jre\lib\security
jre1.6.0_33\lib\security
and add the following entry (use the next free number after the providers already listed there; 10 is correct for a stock JDK 6 on Windows, which ships nine):
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
Add the jar to your CLASSPATH environment variable (the JVM does not look in PATH for jars; PATH only matters for finding keytool.exe itself):

c:\bcprov-ext-jdk15on-1.47.jar
Generate the Keystore using Bouncy Castle
Run the following command:
keytool -genkey -alias changeit -keystore C:/changeit.keystore -storepass changeit -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

Note: when keytool asks "What is your first and last name?", enter the hostname or IP address that clients will use to reach the server. That value becomes the certificate's CN, which the client compares against the host in the URL; a mismatch is a failed handshake, not a warning. Two caveats about the defaults: without -keyalg and -keysize, JDK 6 keytool generates a 1024-bit DSA key, so add -keyalg RSA -keysize 2048 to get a key that current clients accept, and the default validity is 90 days, which -validity extends. "changeit" is also the well-known default password of the JDK's cacerts file, so do not keep it on anything beyond a test box.
This generates the file C:\changeit.keystore

Run the following command to check that it was generated properly (it should list one PrivateKeyEntry under the alias changeit):
keytool -list -keystore C:\changeit.keystore -storetype BKS

Configure BouncyCastle for TOMCAT

Open apache-tomcat-6.0.35\conf\server.xml and add the following entry:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="c:/changeit.keystore" keystorePass="changeit" keystoreType="BKS" keyAlias="changeit"/>

Two attribute names matter here. Tomcat's connector reads keystoreFile and keyAlias; attributes named keystore and alias are silently ignored, and Tomcat then falls back to its default ~/.keystore, which is one way to end up with a "Wrong keystore version" IOException at startup. Do not set sslImplementationName to the BouncyCastleProvider class: that attribute names a Tomcat SSLImplementation (the default, org.apache.tomcat.util.net.jsse.JSSEImplementation, is what you want), not a JCE provider. With BC registered in java.security as above, JSSE resolves the BKS store type on its own; if you prefer not to edit java.security, put the jar on Tomcat's classpath and add keystoreProvider="BC" to the connector instead.

Restart the server after these changes.

Go to https://localhost:8443/ and you should see the Tomcat homepage. Expect the browser to warn first: the certificate is self-signed, and the CN is the IP you typed rather than localhost. Clients that should trust this server (the Android app included) need the certificate in their own truststore; they should not disable certificate checking to get past the warning.

See the Stack Overflow link above for the whole example, including the client side. Credit to Vipul for the original work.
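The client half of the procedure above (the Android application that must trust this self-signed server) is what the linked answer covers and this post leaves out. Here is an added example, not code from the original post or the Stack Overflow answer, of a client that loads a BKS truststore and uses it for an HTTPS connection. It assumes the steps above produced C:\changeit.keystore with alias changeit and password changeit, that Tomcat is listening on port 8443, and that you first export only the certificate into a separate truststore (the keytool commands for that are in the comments; the original keystore holds the private key and must never be shipped inside an app). The class uses only java.security and javax.net.ssl, so the same code runs on a desktop JRE and on Android; the hypothetical file name truststore.bks and the URL are placeholders.

```java
// Added example, not part of the original post. Assumes the keystore created above.
//
// Export only the certificate and build a separate BKS truststore for clients:
//   keytool -exportcert -alias changeit -keystore C:\changeit.keystore -storetype BKS -storepass changeit -file server.cer
//   keytool -importcert -alias server -file server.cer -keystore truststore.bks -storetype BKS -storepass changeit -noprompt
//
// On Android, copy truststore.bks to res/raw and open it with
// getResources().openRawResource(R.raw.truststore) instead of FileInputStream.
// Note: Bouncy Castle 1.49 and later write a newer BKS format that old Android
// releases cannot read; use -storetype BKS-V1 there. With 1.47 this is not an issue.
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class BksTrustClient {

    // Dynamic registration of Bouncy Castle for a stock desktop JRE where the
    // java.security edit above was not made. Android already ships a provider
    // named "BC" that reads BKS, so this is a no-op there; reflection avoids a
    // compile-time dependency on the bcprov jar.
    static void ensureBcProvider() throws Exception {
        if (Security.getProvider("BC") == null) {
            Provider bc = (Provider) Class.forName(
                "org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance();
            Security.addProvider(bc);
        }
    }

    // Builds an SSLContext that trusts ONLY the certificates in the BKS truststore.
    // This is the correct replacement for the common shortcut of installing a
    // TrustManager whose checkServerTrusted() does nothing: that accepts any
    // certificate, so anyone on the network path can impersonate the server.
    public static SSLContext contextFromBks(InputStream bks, char[] password) throws Exception {
        ensureBcProvider();
        KeyStore trustStore = KeyStore.getInstance("BKS");
        trustStore.load(bks, password);            // throws on wrong password or corrupt file
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore contains no certificates");
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                      // trust anchors = contents of the BKS file
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // GET over TLS, returning the HTTP status. The default HostnameVerifier is
    // deliberately kept: the certificate must match the host in the URL, which is
    // why the post asks for the server address as "first and last name". Android's
    // verifier matches the CN as well as SANs; a plain JRE matches an IP-address
    // URL only against a SAN entry (keytool -ext san=ip:... adds one, JDK 7+).
    public static int fetchStatus(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    // Usage (Windows classpath separator is ';', ':' elsewhere):
    //   java -cp bcprov-ext-jdk15on-1.47.jar;. BksTrustClient truststore.bks changeit https://192.0.2.10:8443/
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: BksTrustClient <truststore.bks> <password> <https-url>");
            System.exit(2);
        }
        InputStream in = new FileInputStream(args[0]);
        try {
            SSLContext ctx = contextFromBks(in, args[1].toCharArray());
            System.out.println("HTTP status: " + fetchStatus(args[2], ctx));
        } finally {
            in.close();
        }
    }
}
```

A handshake failure from this client is the expected outcome whenever the server presents a certificate that is not in truststore.bks or whose CN does not match the URL; if you see it against your own Tomcat, fix the truststore or the certificate rather than loosening the check.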


10 thoughts on "Creating SSL Keystore For Apache Tomcat Using Keytool and BouncyCastle"

  1. Xavier says:

    Hi !

    There is a very tricky mistake in this post relative to TOMCAT connector configuration :

    Instead of attribute keystore=”c:/changeit.keystore”, prefer keystoreFile=”c:/changeit.keystore”.

    I struggled a while before finding this, receiving “Wrong keystore version” IOException at TOMCAT startup.

  2. Xavier says:

    Hello Gokceng,

    I am facing an issue with this configuration on OSX. I left a question here : http://stackoverflow.com/questions/19505042/bouncycastleprovider-fails-to-load-at-tomcat-7s-startup-on-a-mac-osx

    Any idea ?

    Thanks in advance.

  3. castle hire says:

    We are a bunch of volunteers and starting a brand new scheme in our community.

    Your web site provided us with valuable information to work on.

    You’ve performed an impressive activity and our whole community can be thankful to you.

  4. I enjoy what you guys tend to be up to. Such clever work and reporting!
    Keep up the excellent work, guys. I've added you guys to my own blogroll.
