Configuring Wildcard AlphaSSL from Centrio Host

Posted on 2013-09-11 13:05 H2O

This article is dedicated to Junjiang, a member of LowEndTalk.

The email you receive contains long blocks of encoded text like the following:

MUST BE INSTALLED ON YOUR WEB SERVER:
Your SSL Certificate (Formatted for the majority of web server
software including IIS and Apache based servers):
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgISESG0oF5qDhFRTOer2K4ezFMvMA0GCSqGSIb3DQEBBQUA
k6zVnkLbO61NznKk7OqVHYS+ZHpo6g==
-----END CERTIFICATE-----
 
Intermediate Certificate:
 
-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgILBAAAAAABL07hNwIwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+MPpZqmyIJ3E+LgDYqeF0RhjWw==
-----END CERTIFICATE-----

Copy the SSL Certificate block and the Intermediate Certificate block into a single file, with your SSL certificate first and the intermediate certificate after it. In this example the file is /etc/ssl/httpd/erawan.me.crt:

-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgISESG0oF5qDhFRTOer2K4ezFMvMA0GCSqGSIb3DQEBBQUA
k6zVnkLbO61NznKk7OqVHYS+ZHpo6g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgILBAAAAAABL07hNwIwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+MPpZqmyIJ3E+LgDYqeF0RhjWw==
-----END CERTIFICATE-----

 

Configure Nginx

Because I’m using Minstall to configure my VPS, the Nginx configuration is at /etc/nginx/host.d/erawan.me.conf:

server {
    listen 443 ssl;
    server_name erawan.me;
    ssl_certificate /etc/ssl/http/erawan.me.crt;
    ssl_certificate_key /etc/ssl/http/erawan.me.key;
 
    access_log off;
    error_log /home/erawan/http/logs/erawan.me.log;
    index index.html index.php;
    root /home/erawan/http/erawan.me;
    try_files $uri $uri/ /index.php;
    client_max_body_size 2000M;
 
    include /etc/nginx/conf.d/cache.conf;
    include /etc/nginx/conf.d/deny.conf;
    include /etc/nginx/php.d/erawanarifn.conf;
}
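
Before restarting Nginx, the combined certificate file can be checked with the openssl command-line tool: the first certificate must match the private key, and each certificate must be issued by the one after it. The script below is an added example, not part of the original post; check_bundle and nth_cert are hypothetical helper names, and it assumes a PEM private key that `openssl pkey` can read.

```sh
#!/bin/sh
# Added example: sanity-check a combined certificate file for Nginx.
# Usage: sh check_bundle.sh COMBINED.crt PRIVATE.key

# Print the Nth certificate (1-based) of a PEM bundle.
nth_cert() {
    awk -v want="$2" '/-----BEGIN CERTIFICATE-----/ { n++ } n == want' "$1"
}

check_bundle() {
    bundle=$1
    key=$2
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -lt 2 ]; then
        echo "FAIL: $count certificate(s) found, intermediate is missing"
        return 1
    fi
    # Nginx pairs the FIRST certificate in the file with ssl_certificate_key,
    # so that block must carry the public key of our private key.
    cert_pub=$(nth_cert "$bundle" 1 | openssl x509 -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate does not match the private key (wrong order?)"
        return 1
    fi
    # Each certificate must be issued by the one that follows it.
    i=1
    while [ "$i" -lt "$count" ]; do
        issuer=$(nth_cert "$bundle" "$i" | openssl x509 -noout -issuer_hash)
        parent=$(nth_cert "$bundle" $((i + 1)) | openssl x509 -noout -subject_hash)
        if [ "$issuer" != "$parent" ]; then
            echo "FAIL: certificate $i is not issued by certificate $((i + 1))"
            return 1
        fi
        i=$((i + 1))
    done
    echo "OK: $count certificates, leaf first, key matches"
}

# Run the check only when both file arguments are given.
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

The issuer and subject comparison only checks that the names link up; it does not verify signatures or expiry dates.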

Restart Nginx, and it’s all done :)

Configuration on Tomcat:


To install your SSL Certificate, perform the following steps:


1. Import the appropriate root certificates using:

keytool -import -trustcacerts -keystore mystore.kdb -alias root -file root.cer

where "mystore.kdb" is your keystore.

2. Import the "yourdomain.cer" file using:

keytool -import -trustcacerts -keystore mystore.kdb -alias tomcat -file yourdomain.cer

where "mystore.kdb" is your keystore.

Update server.xml configuration file:

1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.

2. Find the following section:

<!-- 
Define a SSL Coyote HTTP/1.1 Connector on port 8443 
--> 
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
port="443" minProcessors="5" maxProcessors="75" 
enableLookups="true" 
acceptCount="100" debug="0" scheme="https" secure="true" 
useURIValidationHack="false" disableUploadTimeout="true">
<Factory 
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" 
clientAuth="false"
protocol="TLS" 
keystoreFile="mystore.kdb"
keystorePass="YOUR_KEYSTORE_PASSWORD" />
</Connector>

3. If you want Tomcat to use the default SSL port, change all instances of the port number "8443" to 443.

4. Start or restart Tomcat

