SSL certificates in tomcat server


I have developed a REST service and deployed it on a Tomcat 8 server. It is working fine with an HTTP URL. I have a requirement to install an SSL certificate for the server.

But there is already a service running on this server which has an SSL certificate.

Now my questions are:

1) Do I need to install another SSL certificate for the same server?
2) How do I find out whether the previously installed certificate belongs to the server or the service?
3) If I install a new SSL certificate, what configuration changes are to be included in server.xml for port redirect?

Kindly help me, techies.

1 answer

pedrofb

1) Do I need to install another SSL certificate for the same server?

Probably not, depending on the kind of SSL service running. You need to establish a connector from the SSL service to Tomcat to forward SSL requests in a path. Usually in Tomcat this is done using the AJP connector, and no extra configuration is needed. Check the documentation of the SSL service.

2) How do I find out whether the previously installed certificate belongs to the server or the service?

An SSL certificate is issued to a host name (or, infrequently, to an IP), so it will be valid for the entire server.

3) If I install a new SSL certificate, what configuration changes are to be included in server.xml for port redirect?

If the previous SSL service is running on the standard port 443, you will need a new port. Configure a new connector in server.xml with the port, SSL activated and the keystore with the certificate chain. See https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="${user.home}/.keystore" keystorePass="changeit"
       clientAuth="false" sslProtocol="TLS"/>
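
A check for the connector setup described in point 3, as an added example that is not part of the original answer or the Tomcat documentation: it parses a server.xml and reports whether each plain connector's redirectPort points at a connector with SSLEnabled="true", and whether the keystore still uses Tomcat's default password. The sample server.xml is constructed, the function name `audit_connectors` is hypothetical, and the check assumes Tomcat itself terminates TLS on the new port.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from a real server): a plain HTTP
# connector that redirects to 8443, plus the SSL connector shown above.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${user.home}/.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server.xml text."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for c in tls:
        port = c.get("port")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        # "changeit" is Tomcat's default keystore password, so an unset
        # attribute is treated the same as an explicit "changeit".
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the documented default 'changeit'")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
    for c in connectors:
        if c in tls:
            continue
        # A plain connector should redirect to a port that actually serves TLS.
        target = c.get("redirectPort")
        if target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort={target} is not a TLS connector")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
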