Enabling SSL on Tomcat with a Public Certificate
If you are attempting to bundle a certificate in a keystore for Tomcat, see the Using OpenSSL to Create a Certificate Keystore for Tomcat article.
The process consists of the following steps:
- Enable and initialize an empty keystore.
- Generate a certificate signing request (CSR).
- Import the generated certificate(s) for use in Tomcat.
- Modify the server.xml file to use the newly created certificates.
If you use a third-party certificate authority (CA), it is recommended that you contact your CA for information specific to your certificate before following these instructions.
General Requirements
- Access to the host server of Jamf Pro
- The location of the Tomcat directory
Note: The location of the Tomcat directory varies depending on the settings of your Jamf Pro installation. Common locations for the Tomcat directory are listed below.
Linux: /var/local/JSS/Tomcat/
Windows: C:\Program Files\JSS\Tomcat\
Linux: /var/lib/tomcat8/
Windows: C:\Program Files\Apache Tomcat8\
Step 1: Creating a Public Certificate for Your Jamf Pro Server
All commands in this procedure must be executed as root. On Linux, type sudo before each command. On Windows, you must execute the commands as administrator.
Creating the Certificate Using OpenSSL
Creating the Certificate Using Java Keytool
This workflow requires Java to be installed on the workstation on which you build the keystore.
Step 2: Importing the Certificate Into Jamf Pro
To import the certificate into the Jamf Pro server, either by using the Tomcat Assistant or by manually editing the server.xml file, follow the appropriate set of instructions below.
Importing the Certificate Using the Tomcat Assistant
- In Jamf Pro, click Settings in the top-right corner of the page.
- In the System section, click Apache Tomcat settings.
- Click Edit.
- Select the Change the SSL certificate used for HTTPS option and click Next.
- Select Upload an existing SSL certificate and click Next.
- Click Upload and select either your keystore.jks file or the SSLCertificate.p12 file and click Next.
- Enter your keystore password and click Next.
- Click Finish and restart Tomcat.
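
Before uploading SSLCertificate.p12 in the steps above, it helps to confirm that the bundle opens with the keystore password, contains a private key, and that the key matches the certificate. The following is an added example, not part of the Jamf documentation: it assumes the openssl command-line tool is installed, reads the password from an environment variable named P12_PASS (an assumed name), and builds a constructed sample bundle in which a self-signed certificate for jamf.example.com stands in for the certificate a CA would return. It covers the .p12 case only.

```shell
#!/bin/sh
# Added example (not Jamf's own commands). Assumes the openssl CLI is installed.
# The keystore password is read from the environment variable P12_PASS
# (an assumed name) so that it never appears in the process list.

# make_sample_p12 DIR: build a constructed key, CSR and PKCS#12 bundle in DIR.
# A self-signed certificate stands in for the one a public CA would issue.
make_sample_p12() {
    dir=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=jamf.example.com" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days 1 -out "$dir/server.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
        -name tomcat -passout env:P12_PASS -out "$dir/SSLCertificate.p12"
}

# check_p12 FILE: succeed only if FILE opens with $P12_PASS, holds a private
# key, and that key's public half equals the leaf certificate's public key.
check_p12() {
    p12=$1
    # Public key taken from the leaf certificate inside the bundle.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    # Public key derived from the private key inside the bundle.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

To check a real bundle, export P12_PASS in the shell and run `check_p12 /path/to/SSLCertificate.p12`; a non-zero exit status means the file should not be uploaded as is.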