3

I am trying to enable SSL in my hosted project via tomcat.

I managed to upload certs but the connection is still unsecured.

My Url looks like this

laptap.partner.solution

Is it possible to enable SSL using this url, and get a green lock at the same time? Someone told me SSL only works on TLD's.

What does it mean?

AyukNayr
  • 386
  • 2
  • 21
  • 1
    `.solution` is still a TLD as far as ICANN is concerned. Generic TLDs can use SSL the same way as a traditional TLD, your issue probably lies elsewhere in your certificate chain setup or Tomcat config. – Hoppeduppeanut Sep 03 '18 at 06:22
  • Please correct me if I'm wrong. Here's what I did. 1.generate Keystore 2.generate CSR 3.request CA certs using CSR 4.install files received to keystore 5.configure tomcat isn't this right? or there are still I need to do after configuring the tomcat and restarting the server? – AyukNayr Sep 03 '18 at 06:55
  • If you're using a web browser, which you don't actually say, in nearly all cases if you give a URL with no scheme it defaults to http: NOT https:. If you want an https: connection you **MUST SPECIFY https:** – dave_thompson_085 Sep 03 '18 at 08:33
  • hmm isn't obvious that I used browser? anyway, I already done that ofcourse. https ://laptap.partner.solution but didn't worked. – AyukNayr Sep 03 '18 at 10:50
  • 1
    "Someone told me SSL only works on TLD's." that someone is too vague/imprecise/wrong. HTTPS works with X.509 certificates using hostnames, that is true. Hostnames are using a given TLD but for TLS matters all TLDs are the same, once they are in IANA root. – Patrick Mevzek Sep 04 '18 at 14:50

1 Answers1

0

when you generate an SSL certificate you must use wildcard (*.example.com) so it works with your subdomain.

you can use Let's Encrypt to generate free SSL certificates which also supports wildcards and the Green Bar you want to have

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
Sadegh Alirezaie
  • 343
  • 1
  • 3
  • 17
  • can I also install it via tomcat? – AyukNayr Sep 03 '18 at 06:31
  • the best way you can host this kind of projects is to reverse proxy with other web servers like Nginx, so you can host your project beside other projects which are written in other languages, but if you need only tom cat you can generate ssl using let's encrypt and configure it manually on tomcat – Sadegh Alirezaie Sep 03 '18 at 06:34
  • 2
    It is not a MUST to use a wildcard. You can indeed solve the problem that way or you can just use the complete hostname. – Patrick Mevzek Sep 04 '18 at 14:49