This page demonstrate How to enable HTTPS for a website/ How to install security certificate...
Its very cumbersome for first time user. Specially for ones who wants to run his own website and want to make his site secure with HTTPS enablement.
Here is the steps to enable HTTPS for your website.
1. Buy SSL certificate online from any CA authority.
Buying certificate is very easy. I bought it from namecheap.com. For payment you may need to have a international credit card.
Buy certificate of type DV(Domain Value) if you are a individual want to run your site with HTTPS.
2. Generate CSR.
To issue a certificate as prerequisite you need to generate CSR from you server where your site is running. You need to provide the CSR to the CA after placing the order online.
Every certificate seller prodive detail documentation on how to generate CSR. You should follow the steps provided by them.
If you are running your site in Tomcat and Java.
A) First generate the keystore and private key with the following command.
C:\sw\Java\jdk\bin>keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore <codeforallkeystore.jks>
B) Once the keystore and Private key are generated it’s time to generate the CSR itself.
To generate the CSR you need to run the command below using the keystore with the Private Key you established in the step above:
C:\sw\Java\jdk\bin>keytool -certreq -alias tomcat -file easycodeforallcsr.csr -keystore codeforallkeystore.jks
Enter keystore password and notedown it.
3. Provide CSR (upload in their site) to CA (from where you bought the certificate.).
Once CSR file has been generated. contents of this CSR file needs to be copied/pasted/provided to their site.
4. Validation. CA will provide a text file. you need to upload it in your site so that they can validate that you are really the owner of your site.
There are 3 mehods of validatation. But easiest one is to uploading a text file (provided by them) into your site so that they can access it and validate your site as you are the owner.
Normally CA will provide you the validation file in email or you need to download it from their site.
5. Receiving the certificate.
Once validation is done.You will receive the certificate in email or you need to download from their site.
6. Install the certificate.
Once you receive the certificate, you need to install it in your keystore so that tomcat server can access it.
C:\sw\Java\jdk\bin>
keytool -import -trustcacerts -alias tomcat -file certificatename.p7b -keystore codeforallkeystore.jks
5. Add a HTTPS connector in C:\tomcat\tomcat-9.0.4\conf\server.xml for tomcat.
After certificate installation you need to add a connector in server.xml for tomcat (uncomment it in server.xml)
<?xml version="1.0" encoding="UTF-8"?>
<Connector SSLEnabled="true" maxThreads="150" port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol">
<SSLHostConfig>
<Certificate certificateKeystoreFile="C:/sk/jdk/bin/codeforallkeystore.jks"
certificateKeystorePassword="password" type="RSA"/>
</SSLHostConfig>
</Connector>
5. Redirect HTTP traffic to HTTPS port. C:\sw\apache_tom\tomcat-9.0.4\conf\web.xml change for tomcat.
If you want to redirect to 443 (https port) from 80 port, add the following entry in server.xml and web.xml
conf/Server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
conf/Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
