Configuring SSL with Self-Signed Certificate for Martini Server Runtime

Creating a self-signed SSL certificate can be useful for development, testing purposes, or internal networks. Follow these steps to generate and configure a self-signed certificate for your Martini Server Runtime.

Install OpenSSL

OpenSSL is required for the following steps. OpenSSL is installed by default on Linux and macOS, so users of these operating systems can proceed directly to the next step.

Windows users will need to install OpenSSL. The easiest way is to install Git, which bundles OpenSSL.

Download and install Git. After installation, open Git Bash and continue with the next steps.

1. Generate a Private Key

Start by generating a private key with the following command:

openssl genrsa -out www.YourDomain.com.key 2048

2. Create a Certificate Signing Request (CSR)

Next, create a CSR using the private key:

openssl req -new -key www.YourDomain.com.key -out www.YourDomain.com.csr -subj "/CN=www.YourDomain.com"

3. Create Configuration File

Create a configuration file named www.YourDomain.com.cnf and insert the following content:

[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext

[req_distinguished_name]
CN = www.YourDomain.com

[req_ext]
# An IP address must use the IP: prefix; a DNS: entry is not matched against IP addresses.
subjectAltName = DNS:www.YourDomain.com, IP:127.0.0.1

4. Generate Self-Signed Certificate

Use the CSR and the configuration file to generate the self-signed certificate:

openssl req -x509 -nodes -days 365 -key www.YourDomain.com.key -new -out www.YourDomain.com.crt -config www.YourDomain.com.cnf -extensions req_ext

When prompted for a Distinguished Name (DN), you can type your domain. In this example, we are using www.YourDomain.com.

5. Convert to PKCS12 Format

Convert the self-signed certificate and private key to PKCS12 format for use with Tomcat:

openssl pkcs12 -export -in www.YourDomain.com.crt -inkey www.YourDomain.com.key -out www.YourDomain.com.p12 -CAfile www.YourDomain.com.crt -caname root -passout pass:your-password

Note: Remember the password you set, as it will be needed for the Martini configuration.

6. Importing Certificate to Linux

To ensure your system recognizes the new certificate, follow these steps:

  1. Navigate to the CA certificates directory:
     cd /usr/local/share/ca-certificates/
  2. Create a new directory for your local certificates:
     sudo mkdir www.YourDomain.com
  3. Copy the .crt file into the www.YourDomain.com directory:
     sudo cp www.YourDomain.com.crt www.YourDomain.com/
  4. Set the appropriate permissions:
     sudo chmod 755 /usr/local/share/ca-certificates/www.YourDomain.com
     sudo chmod 644 /usr/local/share/ca-certificates/www.YourDomain.com/www.YourDomain.com.crt
  5. Update the CA certificates:
     sudo update-ca-certificates
  6. Restart your web browser if it is currently running.

7. Martini Configuration

Edit the <martini-home>/conf/override.properties file to configure the SSL certificate for your Martini Runtime:

# Directory of your keystore certificate
server.tomcat.https.keystoreFile=<keystore-dir>/www.YourDomain.com.p12
# Your keystore certificate password
server.tomcat.https.keystorePass=your-password
# Tomcat HTTP server port
# The default Martini port is 8080. Change it to 80 to redirect browsers to HTTPS.
server.http.port=80
# Tomcat HTTPS server port
# Enable this to use HTTPS with the SSL certificate assigned.
server.https.port=443

8. Start or Restart Martini Runtime

Start the Martini Runtime if it is not already running. If it is running, restart it to apply the changes.

9. Verify SSL Installation

Visit https://www.YourDomain.com in your web browser to verify that your self-signed certificate is installed correctly.
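
To complement the browser visit, the files from steps 1-5 can be checked from the command line before Martini loads them. The script below is an added example, not part of the original guide or of Martini: the helper names make_sample and verify_keystore, the host www.example.test and the password are assumptions made for illustration. It confirms that the certificate matches the host name and IP address, that the private key belongs to the certificate, and that the .p12 opens with the configured password.

```shell
#!/bin/sh
# Added example, not from the Martini documentation. make_sample and verify_keystore
# are hypothetical helper names; the host, file names and password are constructed.

# make_sample DIR SAN: build key, certificate and .p12 with the commands from steps 1-5.
# "prompt = no" is an addition so the run needs no interactive input.
make_sample() {
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = req_distinguished_name' \
    '[req_distinguished_name]' 'CN = www.example.test' \
    '[req_ext]' "subjectAltName = $2" > "$1/s.cnf"
  openssl genrsa -out "$1/s.key" 2048 2>/dev/null
  openssl req -x509 -nodes -days 365 -key "$1/s.key" -new -out "$1/s.crt" \
    -config "$1/s.cnf" -extensions req_ext
  openssl pkcs12 -export -in "$1/s.crt" -inkey "$1/s.key" -out "$1/s.p12" \
    -passout pass:constructed-pass
}

# verify_keystore CRT KEY P12 PASSWORD HOST [IP]: returns 0 only if every check passes.
verify_keystore() {
  vk_crt=$1 vk_key=$2 vk_p12=$3 vk_host=$5 vk_ip=${6:-}
  # The host name must match the certificate the way a TLS client matches it.
  openssl x509 -in "$vk_crt" -noout -checkhost "$vk_host" | grep -q 'does match' \
    || { echo "FAIL: certificate does not match host $vk_host"; return 1; }
  # An IP address is matched only against IP: SAN entries, never DNS: entries.
  if [ -n "$vk_ip" ]; then
    openssl x509 -in "$vk_crt" -noout -checkip "$vk_ip" | grep -q 'does match' \
      || { echo "FAIL: certificate has no IP SAN for $vk_ip"; return 1; }
  fi
  # The private key must belong to the certificate: compare the two public keys.
  [ "$(openssl x509 -in "$vk_crt" -noout -pubkey)" = "$(openssl pkey -in "$vk_key" -pubout)" ] \
    || { echo "FAIL: private key does not match certificate"; return 1; }
  # The keystore must open with the password that goes into override.properties.
  P12_PASS=$4 openssl pkcs12 -in "$vk_p12" -noout -passin env:P12_PASS 2>/dev/null \
    || { echo "FAIL: cannot open $vk_p12 with this password"; return 1; }
  echo "OK: $vk_p12 is usable for $vk_host${vk_ip:+ and $vk_ip}"
}

# Demo on constructed files (run with the argument "demo"): the second certificate
# lists the address as DNS:127.0.0.1 and fails the IP check.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  make_sample "$d" 'DNS:www.example.test, IP:127.0.0.1'
  verify_keystore "$d/s.crt" "$d/s.key" "$d/s.p12" constructed-pass www.example.test 127.0.0.1
  make_sample "$d" 'DNS:www.example.test, DNS:127.0.0.1'
  verify_keystore "$d/s.crt" "$d/s.key" "$d/s.p12" constructed-pass www.example.test 127.0.0.1 || true
  rm -rf "$d"
fi
```

For a real deployment, call verify_keystore with the www.YourDomain.com files and the password set in step 5.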