Set up Tomcat with OCSP certificates with OM Web Viewer 12.1

Article ID: 203382


Products

Output Management Web Viewer

Issue/Introduction

Tomcat needs to query the certificates through OCSP (Online Certificate Status Protocol).

Environment

  • Output Management Web Viewer 12.1
  • Apache Tomcat®
  • Java

 

Resolution

  1. Use the Java keytool to generate a self-signed certificate. It's OK to generate the OCSP certificate with keytool; there is no need to download and use OpenSSL as the Tomcat website specifies.
  2. Submit to CSR
  3. CSR will submit to CA
  4. CA will generate signed certificate and return
  5. Import certificates into the .jks file (keystore).
  6. Edit the Tomcat server.xml to point to the keystore.

For example:

 <Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\tomcat.jks" keystorePass="WebView12"  
               clientAuth="false" sslProtocol="TLS"/> 
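
The keytool side of steps 1 to 5, as an added example that is not part of the original article. The alias, the subject DN and the file names tomcat.csr, ca-root.cer and tomcat.cer are assumptions; only the keystore path comes from the Connector above.

```powershell
# Added example. Assumed names (not from the article): alias "tomcat",
# the subject DN, and the files tomcat.csr, ca-root.cer, tomcat.cer.
$keystore = 'C:\tomcat.jks'   # keystore path from the article's server.xml
$alias    = 'tomcat'

# Step 1: create the key pair. keytool stores it wrapped in a self-signed
# certificate and prompts for the keystore password, which has to match
# keystorePass in server.xml.
keytool -genkeypair -alias $alias -keyalg RSA -keysize 2048 `
        -dname 'CN=webviewer.example.com, O=Example, C=US' `
        -keystore $keystore -storetype JKS

# Steps 2-4: write the certificate signing request that goes to the CA.
keytool -certreq -alias $alias -file tomcat.csr -keystore $keystore

# Step 5: import the CA certificate first, then the signed reply under the
# SAME alias so it replaces the self-signed certificate on the private key.
keytool -importcert -trustcacerts -alias ca-root -file ca-root.cer -keystore $keystore
keytool -importcert -alias $alias -file tomcat.cer -keystore $keystore

# Check 1: the entry should be a PrivateKeyEntry and "Certificate chain length"
# should be greater than 1 (server certificate plus issuing CA).
keytool -list -v -alias $alias -keystore $keystore

# Check 2: the signed certificate should carry an AuthorityInfoAccess
# extension that names the CA's OCSP responder.
keytool -printcert -v -file tomcat.cer |
    Select-String -Context 0,3 'accessMethod: ocsp'
```

If check 2 prints nothing, the issued certificate does not advertise an OCSP responder location.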

Additional Information

Use the SSLShopper and/or Certificate Decoder utilities to examine certificates.