Installing SSL Certificate on Spring Boot

Last updated: 2023-10-08 11:23:04

Scenario

This document provides guidance on how to configure and install a PFX format SSL certificate for Spring Boot.
Note:
The certificate name cloud.tencent.com is used as an illustrative example in this document.
The 3.0.2 version of Spring Boot is used as an example.
The current server OS is CentOS 7. Detailed steps vary slightly with the OS version.
If you need to install an SSL certificate in JKS format on a Tomcat server, please refer to: Installing and Deploying an SSL Certificate on a Tomcat Server (JKS Format).
Before installing an SSL certificate, please enable port 443 on the Tomcat server to ensure that HTTPS can be enabled after the certificate is installed. For more information, refer to: How Do I Enable Port 443 for a VM?

Preparations

A remote file copy tool such as WinSCP has been prepared (it is recommended to download the latest version from the official website). If you need to deploy to Tencent Cloud CVM, it is suggested to use the file upload feature of the CVM. For more details, please refer to Uploading Files to CVM.
Install a remote login tool such as PuTTY or Xshell.
The data required to install the SSL certificate includes:
Server IP address: The server IP address, which is used to connect the PC to the server.
Username: The username used to log in to the server.
Password: The password used to log in to the server.

Instructions

1. Please navigate to the SSL Certificate Service Console and select the certificate you wish to install, then click Download.
2. In the pop-up Certificate Download window, select Tomcat as the server type, then download the cloud.tencent.com certificate file package and unzip it to a local directory. After decompression, you obtain the certificate files, including the cloud.tencent.com_tomcat folder:
Folder name: cloud.tencent.com_tomcat
Folder content:
cloud.tencent.com.pfx: certificate file
keystorePass.txt: password file (If a private key password has been set, there will be no keystorePass.txt password file)
3. Utilize WinSCP (a tool for transferring files between a local and a remote computer) to access the Tomcat server.
Note:
We recommend using the file upload feature of the Cloud Virtual Machine (CVM) for deployment to Tencent Cloud. For more details, please refer to Uploading Files to CVM.
4. Copy the obtained cloud.tencent.com.pfx certificate file from the local directory to the src/main/resources directory of the Spring Boot project.
5. Log in to the Spring Boot server remotely, for example by using the PuTTY tool.
6. Edit the application.properties or application.yml file of the Spring Boot project. Choose one of the following methods based on your actual requirements:
Method 1
Modify the application.properties file by adding the following content:
server.address=cloud.tencent.com
server.port = 443
server.ssl.key-store = classpath:cloud.tencent.com.pfx
server.ssl.key-store-password = ***
server.ssl.keyStoreType = PKCS12
Method 2
Modify the application.yml file by adding the following content:
server:
  address: cloud.tencent.com
  port: 443
  ssl:
    key-alias: cloud.tencent.com
    key-store-password: ***
    key-store-type: PKCS12
    key-store: classpath:cloud.tencent.com.pfx
The main parameters of the configuration file are described below:
classpath: Refers to the project's src/main/java and src/main/resources paths. Files stored under these two paths can be referenced by using classpath: as the path prefix.
key-store: The location of the certificate file, i.e., the path where the certificate file was stored in Step 4.
key-store-password: The password for the keystore, chosen as follows:
If a private key password was set when applying for the certificate, enter the private key password.
If a private key password was not set when applying for the certificate, enter the password found in the keystorePass.txt file in the cloud.tencent.com_tomcat directory.
key-alias: The key alias. For certificates downloaded from the SSL Certificate Service Console, the alias is the domain to which the certificate is bound, such as cloud.tencent.com.
7. Restart the Spring Boot service. If the startup is successful, you can access it through https://cloud.tencent.com.
If the security lock icon is displayed in the browser, the certificate has been installed successfully.
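A failed restart in step 7 is most often caused by a mismatch in the step 6 settings. The following script is an added example, not part of the original document: it checks the application.properties form (Method 1) before the restart. The function names and the two command-line arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restart check of step 6.
# Usage: sh check_ssl_props.sh <application.properties> <resources-dir>

# Print a property value. Keys are matched ignoring case and dashes, so
# server.ssl.keyStoreType (Method 1) and key-store-type (Method 2) are equal.
get_prop() {
    awk -v want="$2" '
        BEGIN { gsub(/-/, "", want); want = tolower(want) }
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            i = match($0, /[=:]/); if (!i) next     # first = or : separates
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t-]/, "", k); k = tolower(k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)        # trim, drop Windows CR
            if (k == want) val = v                  # last definition wins
        }
        END { print val }' "$1"
}

# Returns the number of problems found (0 means the settings look usable).
check_ssl_props() {
    props=$1; resources=$2; problems=0
    fail() { echo "PROBLEM: $*" >&2; problems=$((problems + 1)); }

    store=$(get_prop "$props" server.ssl.key-store)
    ktype=$(get_prop "$props" server.ssl.key-store-type)
    pass=$(get_prop "$props" server.ssl.key-store-password)
    port=$(get_prop "$props" server.port)

    # classpath: resolves against the resources directory from step 4.
    case $store in
        classpath:*) file=$resources/${store#classpath:} ;;
        *)           file=$store ;;
    esac
    [ -n "$store" ] || fail "server.ssl.key-store is not set"
    [ -z "$store" ] || [ -s "$file" ] || fail "keystore missing or empty: $file"
    case $ktype in
        PKCS12|pkcs12) ;;
        *) fail "key-store-type is '$ktype', expected PKCS12 for a .pfx file" ;;
    esac
    case $pass in
        ''|'***') fail "key-store-password is empty or still the *** placeholder" ;;
    esac
    [ "$port" = 443 ] || fail "server.port is '$port', expected 443"
    return "$problems"
}

if [ "$#" -eq 2 ]; then check_ssl_props "$@"; fi
```

The script only checks that the settings are consistent with each other and with the files on disk. It does not open the keystore, so a wrong password or alias is still reported by Spring Boot at startup.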