Getting SSL working with a self-signed certificate for local development was poorly documented everywhere I looked.
Step by Step guide
1. Create an alias in your hosts file.
To do this you need to know your IP address. Once you do, open
and add the entry with your IP address. EG:
Now, assuming you are running Apache Tomcat, you should be able to navigate to
and see the same content as localhost:8084
2. Generate an entry in the keystore file for your alias.
The part in bold must match your hosts file entry. Note: I am using the keystore provided with my JDK. To see which of your installed JDKs NetBeans is using, check:
C:\Program Files\NetBeans 7.x\etc\netbeans.conf
My command was:
keytool -genkey -alias my.gleniris.com -keyalg RSA -keystore "C:\Program Files\Java\jdk1.7.0_71\jre\lib\security\cacerts"
You are asked for your password. The default password is ‘changeit’.
You are now asked to enter your name. Enter your name as whatever value your alias is. In my case I entered the name as my.gleniris.com
- ‘keytool’ is not recognised as an internal or external command. – Make sure the following directory (or your equivalent) is in the PATH environment variable. EG “C:\Program Files (x86)\Java\jre6\bin”
- Access is denied / file not found exception for cacerts. – This was on Windows 7 and there were access issues. I needed to run the command window as an administrator.
3. Configure Apache Tomcat to Allow HTTPS connections
Navigate to server.xml, which is located in your Tomcat’s conf directory. Find the section “Define a SSL HTTP/1.1 Connector on port 8443” and add the part below to it. Do not uncomment anything; this should be all you need, with the italics requiring you to add in your own values.
Note: The part in bold is left out of most tutorials I found, which caused me delays, hence this blogpost. Note that the default password for the cacerts file which came with the JDK is ‘changeit’.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Program Files/Java/jdk1.7.0_71/jre/lib/security/cacerts"
           keystorePass="changeit" clientAuth="false"
           keyAlias="my.gleniris.com" sslProtocol="TLS"/>
Restart Apache Tomcat. Note: if you are using NetBeans (like I am) you will also have to edit the server.xml in the Catalina base. You can find where the Catalina base is by clicking on the Tomcat server in NetBeans.
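A quick check for the connector settings from this step, added here as an example and not part of the original post: it parses server.xml and flags an SSL connector that has no keyAlias or whose alias differs from the hosts entry, and also a keystoreFile pointing at the JDK's cacerts trust store or still using the default ‘changeit’ password. The finding names, the sample XML and the C:/dev/tomcat-dev.jks path are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for illustration (not copied from a real install).
WEAK_CONFIG = """<Service name="Catalina">
  <Connector port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="C:/Program Files/Java/jdk1.7.0_71/jre/lib/security/cacerts"
             keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
</Service>"""

# Hypothetical dedicated keystore path and password, assumed for the example.
DEDICATED_KEYSTORE = """<Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="C:/dev/tomcat-dev.jks" keystorePass="constructed-not-default"
             keyAlias="My.Gleniris.com" clientAuth="false" sslProtocol="TLS"/>
</Service>"""


def audit_connectors(server_xml, hosts_alias):
    """Return (port, finding) pairs for each SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        alias = conn.get("keyAlias")
        if alias is None:
            # Without keyAlias Tomcat uses the first key it reads from the keystore.
            findings.append((port, "KEYALIAS_MISSING"))
        elif alias.lower() != hosts_alias.lower():  # JKS aliases are case-insensitive
            findings.append((port, "KEYALIAS_MISMATCH"))
        store = conn.get("keystoreFile", "")
        if re.split(r"[\\/]", store)[-1].lower() == "cacerts":
            # cacerts is the JDK's trust store; a server key does not belong there.
            findings.append((port, "KEYSTORE_IS_CACERTS"))
        if conn.get("keystorePass", "changeit") == "changeit":
            # "changeit" is the default for both the JDK cacerts file and Tomcat.
            findings.append((port, "DEFAULT_KEYSTORE_PASS"))
    return findings


if __name__ == "__main__":
    for name, xml in [("weak", WEAK_CONFIG), ("dedicated keystore", DEDICATED_KEYSTORE)]:
        print(name, audit_connectors(xml, "my.gleniris.com"))
```

Run it against both the conf directory copy and the Catalina base copy of server.xml, since NetBeans uses the latter.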
4. Copy the certificate which you have generated
Using Chrome, attempt to navigate to the secure section of your site. For me, it was (Note the HTTPS protocol):
Click on the broken red padlock in the address bar and click Certificate Information > Details tab > Copy To File > Export. Save it as the default .cer file type. Save it with the same name as your alias. For me this file is named:
5. Create an entry in the trusted certificate publishers directory of your machine
Open a command window and type
Expand the ‘Trusted Publishers’ directory. Using the menu bar, select Action > All Tasks > Import, and import the file you created in step 4. Repeat this process in the ‘Trusted Root Certification Authorities’ directory. Restart your machine.
Note, syntax for keytool -delete
What an enormous pain in the b****x this proved to be.
The Why: http://www.larryullman.com/2012/11/14/getting-an-ssl-certificatesetting-up-https/