Summary of problem:
By default, Express Server 9 uses a self-signed SSL certificate. Some browsers display a red warning message for this type of certificate. If you have purchased a certificate, you can configure Tomcat to use it instead, which removes the warning.
Process:
To install an SSL certificate in Tomcat on Windows, complete the following steps:
- Locate the Java installation and find keytool.exe in its bin directory.
- Create a new store with a temporary key. Replace the text "lizard" with the password you wish to use for your new keystore.
- keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -storepass lizard -keypass lizard -dname "CN=test, O=test, L=test, S=test, C=test" -keystore .newkeystore
- Delete the Tomcat alias/temporary key (this will keep the new keystore but remove its key).
- keytool -delete -alias tomcat -keystore .newkeystore
- Import your certificate file. Replace the -file value below with the path to your certificate. Use a full path when running keytool even if you are in the directory.
- keytool -import -alias tomcat -keystore .newkeystore -file c:\users\testuser\testuser.servername.local
- Rename the old .keystore file to .keystore.installed and overwrite with the new one.
- Browse to C:\Program Files\LizardTech\Express Server\ImageServer\etc\
- Rename the existing .keystore file to .keystore.installed so that the server will not use it any longer.
- Copy your newly generated keystore file (.newkeystore) from the Java directory into the etc directory and name it .keystore.
- Modify Tomcat to use the new keystore and update the password.
- Browse to C:\Program Files\LizardTech\Express Server\Tomcat\conf
- Open the server.xml file in a text editor.
- Find the section that defines Connector port="8443" and change the keystorePass attribute to the new password.
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" keystoreFile="C:\Program Files\LizardTech\Express Server\ImageServer\etc\.keystore" keystorePass="lizard" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
- Restart the Tomcat service.
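To confirm the swap took effect, the following PowerShell check reads the port-8443 Connector from server.xml, opens the keystore it names with the configured password, and reports whether the tomcat alias carries a private key and whether its certificate is still self-signed. It is an added example, not part of the original article or LizardTech tooling; it assumes keytool.exe is on PATH (or is given by full path) and prints English labels, and it uses the server.xml path shown above.

```powershell
# Added verification example (not vendor code). Default path is the one used in the steps above.
param(
    [string]$ServerXml = 'C:\Program Files\LizardTech\Express Server\Tomcat\conf\server.xml',
    [string]$Keytool   = 'keytool.exe'   # assumption: on PATH, otherwise pass the full path
)

# Read the HTTPS connector edited in the procedure (port 8443).
[xml]$cfg = Get-Content -Raw -LiteralPath $ServerXml
$conn = $cfg.SelectSingleNode("//Connector[@port='8443']")
if (-not $conn) { throw "No Connector with port 8443 in $ServerXml" }

$ksFile = $conn.GetAttribute('keystoreFile')
$ksPass = $conn.GetAttribute('keystorePass')
if (-not (Test-Path -LiteralPath $ksFile)) { throw "keystoreFile not found: $ksFile" }

# List the 'tomcat' alias with the same password Tomcat will use.
# A wrong keystorePass or a missing alias makes keytool exit non-zero.
$listing = & $Keytool -list -v -alias tomcat -keystore $ksFile -storepass $ksPass 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) { throw "keytool failed:`n$listing" }

# Pull the first occurrence of a labelled line (the first certificate listed is the server's own).
function Get-Field([string]$Label) {
    if ($listing -match "(?m)^$Label\s*(.+)$") { $Matches[1].Trim() }
}
$entryType = Get-Field 'Entry type:'
$owner     = Get-Field 'Owner:'
$issuer    = Get-Field 'Issuer:'

$result = [pscustomobject]@{
    Keystore      = $ksFile
    EntryType     = $entryType
    Owner         = $owner
    Issuer        = $issuer
    Validity      = Get-Field 'Valid from:'
    HasPrivateKey = ($entryType -eq 'PrivateKeyEntry')
    SelfSigned    = [bool]($owner -and ($owner -eq $issuer))
}
$result | Format-List

# Tomcat can only serve HTTPS from an entry that holds the certificate's private key.
if (-not $result.HasPrivateKey) {
    Write-Warning "Alias 'tomcat' is '$entryType', not PrivateKeyEntry; the connector has no private key to use."
}
# Owner equal to Issuer means the certificate signed itself, so browsers will still warn.
if ($result.SelfSigned) {
    Write-Warning "Certificate for alias 'tomcat' is self-signed (Owner equals Issuer)."
}
```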