{"id":45629,"date":"2016-02-08T21:31:23","date_gmt":"2016-02-08T18:31:23","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=45629"},"modified":"2021-03-12T04:32:48","modified_gmt":"2021-03-12T01:32:48","slug":"how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/","title":{"rendered":"How to Configure SSL Encryption for Custom Domains on Pivotal CF"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Where_to_start\" >Where to start?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Generating_a_JKS_certificate\" >Generating a JKS certificate<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Generating_a_CSR_file\" >Generating a CSR file<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Getting_your_certificates_signed\" >Getting your certificates signed<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Creating_a_chaincrt_file\" >Creating a chain.crt file<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Converting_JKS_to_RSA\" >Converting JKS to RSA<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Creating_a_new_SSL_service\" >Creating a new SSL service<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Creating_a_DNS_CNAME_record\" >Creating a DNS CNAME record<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Redirecting_HTTP_traffic_to_HTTPS\" >Redirecting HTTP traffic to HTTPS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#Further_reading\" >Further reading<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Where_to_start\"><\/span>Where to start?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/pivotal-cf-ssl-java-v3.png\" alt=\"pivotal-cf-ssl-java-v3\" width=\"230\" height=\"131\" style=\"margin: 0px 0px 15px 20px\" class=\"alignright size-full wp-image-45630\" \/><\/p>\n<p>The new Pivotal SSL Service has made it possible to use your own certificates in <a href=\"https:\/\/tanzu.vmware.com\/content\/pivotal-web-services-blog\/pivotal-web-services-end-of-availability-announcement-and-timeline\" target=\"_blank\" rel=\"noopener noreferrer\">PCF<\/a>\u2014both domain-specific and wildcard. This means SSL\/TLS encryption can now be added to apps in custom domains. However, if you work with Apache Tomcat and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Keystore\" target=\"_blank\" rel=\"noopener noreferrer\">JKS<\/a>, you may find that the <a href=\"https:\/\/docs.run.pivotal.io\/marketplace\/pivotal-ssl.html\" target=\"_blank\" rel=\"noopener noreferrer\">official documentation<\/a> provides the main instructions, but\u2014unfortunately\u2014does not cover the details.<\/p>\n<p>As a Java developer, I am used to dealing with SSL certificates in the JKS format that can be used in Apache Tomcat configuration. Normally, you will need to have something similar to this connection definition in your <em>server.xml<\/em>:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n    &lt;Connector port=&quot;8443&quot;\r\n                protocol=&quot;org.apache.coyote.http11.Http11Protocol&quot;\r\n                keystoreFile=&quot;my.keystore&quot;\r\n                keystorePass=&quot;password&quot;\r\n                keyAlias=&quot;mysite&quot;  URIEncoding=&quot;UTF-8&quot;\r\n              maxThreads=&quot;150&quot; SSLEnabled=&quot;true&quot; scheme=&quot;https&quot; secure=&quot;true&quot;\r\n            clientAuth=&quot;false&quot; sslProtocol=&quot;TLS&quot; \/&gt;\r\n<\/pre>\n<p>If you already have a certificate, it is probably declared here. If not, below are step-by-step instructions on how to create it from scratch.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Generating_a_JKS_certificate\"><\/span>Generating a JKS certificate<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The <em>my.keystore<\/em> file was created using the command:<\/p>\n<p><pre>  keytool -genkey -alias [youralias] -keyalg RSA -keystore [\/preferred\/keystore\/path\/my.keystore]\r\n<\/pre>\n<\/p>\n<p>Keep in mind that the <a href=\"https:\/\/www.ssl.com\/info\/\" target=\"_blank\" rel=\"noopener noreferrer\">Common Name<\/a>\u2014which answers the question &#8220;What is your first and last name?&#8221;\u2014should be your domain name:<\/p>\n<pre>\r\n    What is your first and last name?\r\n      [Unknown]:  www.mysite.com\r\n    What is the name of your organizational unit?\r\n      [Unknown]:  Unit\r\n    What is the name of your organization?\r\n      [Unknown]:  Organization\r\n    What is the name of your City or Locality?\r\n      [Unknown]:  City\r\n    What is the name of your State or Province?\r\n      [Unknown]:  State\r\n    What is the two-letter country code for this unit?\r\n      [Unknown]:  US\r\n    Is CN=www.mysite.com, OU=Unit, O=Organization, L=City, ST=State, C=US correct?\r\n      [no]:  yes\r\n<\/pre>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Generating_a_CSR_file\"><\/span>Generating a CSR file<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Then, the CSR file was generated with:<\/p>\n<p><pre>  keytool -certreq -keyalg RSA -alias [youralias] -file [my].csr -keystore [path\/to\/your\/keystore\/my.keystore]\r\n<\/pre>\n<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Getting_your_certificates_signed\"><\/span>Getting your certificates signed<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The CSR file that you have just created needs to be submitted to a certification authority, like <a href=\"https:\/\/uk.godaddy.com\/help\/ssl-certificates-1000006\" target=\"_blank\" rel=\"noopener noreferrer\">GoDaddy<\/a> or <a href=\"https:\/\/ssl.comodo.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Comodo<\/a>. After <a href=\"https:\/\/uk.godaddy.com\/help\/verifying-your-domain-ownership-for-ssl-certificate-requests-html-or-dns-7452\" target=\"_blank\" rel=\"noopener noreferrer\">domain validation<\/a>, you will receive a ZIP archive with a set of <em>*.crt<\/em> files. In my case, it was <em>gd_bundle-g2-g1.crt<\/em> with root and intermediate certificates and <em>79bd1f68a63.crt<\/em> with a certificate for the validated domain.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Creating_a_chaincrt_file\"><\/span>Creating a <em>chain.crt<\/em> file<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>All these <em>*.crt<\/em> files need to be copied to a single <em>chain.crt<\/em> file that looks like this:<\/p>\n<pre>\r\n      -----BEGIN CERTIFICATE-----\r\n      \u2026\u2026..\r\n      -----END CERTIFICATE-----\r\n      -----BEGIN CERTIFICATE-----\r\n      \u2026\u2026..\r\n      -----END CERTIFICATE-----\r\n      -----BEGIN CERTIFICATE-----\r\n      \u2026\u2026...\r\n      -----END CERTIFICATE-----\r\n      <em>(\u2026and so on)<\/em>\r\n<\/pre>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Converting_JKS_to_RSA\"><\/span>Converting JKS to RSA<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With both <em>my.keystore<\/em> (the private key) and <em>chain.crt<\/em> (a set of certificates) in place, we are about to complete SSL service configuration. But first, our private key must be converted from JKS to the RSA format. That can be done in a number of different ways. Here is just one of them:<\/p>\n<ol>\n<li>convert JKS to p12:<\/li>\n<p><pre>  keytool -importkeystore -srckeystore my.keystore -destkeystore my.p12 -srcstoretype jks -deststoretype pkcs12<\/pre>\n<\/p>\n<li>convert p12 to an encrypted .pem file:<\/li>\n<p><pre>  openssl pkcs12 -in my.p12 -out my.pem<\/pre>\n<\/p>\n<li>create an RSA private key that can be used in PCF:<\/li>\n<p><pre>  openssl rsa -in my.pem -out my.key <\/pre>\n<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Creating_a_new_SSL_service\"><\/span>Creating a new SSL service<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now we can create a new SSL service using the Pivotal CF GUI:<\/p>\n<ul>\n<li>\n<p>In step one, click the &#8220;Upload .crt&#8221; button and select the <em>chain.crt<\/em> file with all the certificates included.<\/p>\n<\/li>\n<li>\n<p>In step two, click &#8220;Upload .key&#8221; and select the <em>my.key<\/em> file created by the <em>openssl<\/em> utility. Then, click \u201cSubmit.\u201d<\/p>\n<\/li>\n<\/ul>\n<p><center><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/pivotalcf-ssl-jks-certificate.png\" alt=\"Pivotal CF TLS for Custom Domains\" width=\"630\" class=\"aligncenter size-full wp-image-45631\" \/><\/center><\/p>\n<p>If everything was done correctly, you should see this page:<\/p>\n<p><center><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/ssl-cloud-foundry.png\" alt=\"TLS\/SSL with JKS Certificates on Pivotal CF\" width=\"630\" class=\"aligncenter size-full wp-image-45631\" \/><\/center><br \/>\n&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Creating_a_DNS_CNAME_record\"><\/span>Creating a DNS CNAME record<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After your application has been deployed to Cloud Foundry, the domain needs to be <a href=\"https:\/\/docs.cloudfoundry.org\/devguide\/deploy-apps\/routes-domains.html\" target=\"_blank\" rel=\"noopener noreferrer\">registered<\/a> with:<\/p>\n<p><pre>  cf create-domain Mysite mysite.com<\/pre>\n<\/p>\n<p>We also need to map a route with:<\/p>\n<p><pre>  cf map-route mysiteappname mysite.com -n \"*\"<\/pre>\n<\/p>\n<p>The final step is creating a DNS CNAME record. In Amazon Web Services, that can be done using the Route53 service:<\/p>\n<p><center><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/ssl-tls-custom-domains-pivotalcf-v2.png\" alt=\"ssl-tls-custom-domains-pivotalcf-v2\" width=\"500\" style=\"border:grey 1px solid\" class=\"aligncenter size-full wp-image-45633\" \/><\/center><\/p>\n<p>Now all requests to <em>https:\/\/www.mysite.com<\/em> will be encrypted using your own SSL certificate for the custom domain <em>mysite.com<\/em>, but <em>http:\/\/mysite.cfapps.io<\/em> is still working, providing access to your website via a non-encrypted connection.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Redirecting_HTTP_traffic_to_HTTPS\"><\/span>Redirecting HTTP traffic to HTTPS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At this moment, there are no additional settings in the Pivotal SSL service and you cannot automatically redirect HTTP traffic to HTTPS. As a temporary workaround, that can be done using the following configuration in Spring Boot:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n@SpringBootApplication\r\n@RestController\r\npublic class SslTestApplication {\r\n\r\n    @Bean\r\n    public TomcatEmbeddedServletContainerFactory tomcatEmbeddedServletContainerFactory(){\r\n     return new TomcatEmbeddedServletContainerFactory() {\r\n       @Override\r\n       protected void postProcessContext(Context context) {\r\n         SecurityConstraint securityConstraint = new SecurityConstraint();\r\n         securityConstraint.setUserConstraint(&quot;CONFIDENTIAL&quot;);\r\n         SecurityCollection collection = new SecurityCollection();\r\n         collection.addPattern(&quot;\/*&quot;);\r\n         securityConstraint.addCollection(collection);\r\n         context.addConstraint(securityConstraint);\r\n       }\r\n     };\r\n    }\r\n\r\n    public static void main(String&#x5B;] args) {\r\n     SpringApplication.run(SslTestApplication.class, args);\r\n    }\r\n}\r\n<\/pre>\n<p>If you add this code to your Spring Boot app, all requests will be forced to go through HTTPS\u2014via a secure path.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-do-containers-contain\/\">Cloud Foundry Security: Do Containers Contain?<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\">Cloud Foundry Security Overview<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Where to start?<\/p>\n<p>The new Pivotal SSL Service has made it possible to use your own certificates in PCF\u2014both domain-specific and wildcard. This means SSL\/TLS encryption can now be added to apps in custom domains. However, if you work with Apache Tomcat and JKS, you may find that the official documentation [&#8230;]<\/p>\n","protected":false},"author":53,"featured_media":45637,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[214],"tags":[873,28],"class_list":["post-45629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-cloud-native","tag-pivotal-cf"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros<\/title>\n<meta name=\"description\" content=\"This tutorial provides all the steps for creating a certificate and setting up the Pivotal SSL Service.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros\" \/>\n<meta property=\"og:description\" content=\"Where to start? The new Pivotal SSL Service has made it possible to use your own certificates in PCF\u2014both domain-specific and wildcard. This means SSL\/TLS encryption can now be added to apps in custom domains. However, if you work with Apache Tomcat and JKS, you may find that the official documentation [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2016-02-08T18:31:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-12T01:32:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"560\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Sergey Balashevich\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergey Balashevich\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/\"},\"author\":{\"name\":\"Sergey Balashevich\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/#\\\/schema\\\/person\\\/c71b4c4cc4cc4a44d640461a4278d9a1\"},\"headline\":\"How to Configure SSL Encryption for Custom Domains on Pivotal CF\",\"datePublished\":\"2016-02-08T18:31:23+00:00\",\"dateModified\":\"2021-03-12T01:32:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/\"},\"wordCount\":707,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif\",\"keywords\":[\"Cloud-Native\",\"Pivotal CF\"],\"articleSection\":[\"Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/\",\"url\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/\",\"name\":\"How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif\",\"datePublished\":\"2016-02-08T18:31:23+00:00\",\"dateModified\":\"2021-03-12T01:32:48+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/#\\\/schema\\\/person\\\/c71b4c4cc4cc4a44d640461a4278d9a1\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif\",\"contentUrl\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif\",\"width\":640,\"height\":560},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Configure SSL Encryption for Custom Domains on Pivotal CF\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/#\\\/schema\\\/person\\\/c71b4c4cc4cc4a44d640461a4278d9a1\",\"name\":\"Sergey Balashevich\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Sergey-Balashevich-96x96.jpg\",\"url\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Sergey-Balashevich-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Sergey-Balashevich-96x96.jpg\",\"caption\":\"Sergey Balashevich\"},\"description\":\"Sergey Balashevich is Head of Software Development at Altoros. Over the last 10+ years, he has tried his hand at a long list of technologies. Currently, he is mostly working with the Java stack and platforms, such as Amazon Web Services, Microsoft Azure, Pivotal Cloud Foundry, HP Helion, etc. His primary activities are around designing cloud-native architectures and leading teams of engineers building distributed solutions.\",\"url\":\"https:\\\/\\\/www.altoros.com\\\/blog\\\/author\\\/balashevich-sergey\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros","description":"This tutorial provides all the steps for creating a certificate and setting up the Pivotal SSL Service.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/","og_locale":"en_US","og_type":"article","og_title":"How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros","og_description":"Where to start? The new Pivotal SSL Service has made it possible to use your own certificates in PCF\u2014both domain-specific and wildcard. This means SSL\/TLS encryption can now be added to apps in custom domains. However, if you work with Apache Tomcat and JKS, you may find that the official documentation [...]","og_url":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/","og_site_name":"Altoros","article_published_time":"2016-02-08T18:31:23+00:00","article_modified_time":"2021-03-12T01:32:48+00:00","og_image":[{"width":640,"height":560,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif","type":"image\/gif"}],"author":"Sergey Balashevich","twitter_misc":{"Written by":"Sergey Balashevich","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#article","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/"},"author":{"name":"Sergey Balashevich","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c71b4c4cc4cc4a44d640461a4278d9a1"},"headline":"How to Configure SSL Encryption for Custom Domains on Pivotal CF","datePublished":"2016-02-08T18:31:23+00:00","dateModified":"2021-03-12T01:32:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/"},"wordCount":707,"commentCount":0,"image":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif","keywords":["Cloud-Native","Pivotal CF"],"articleSection":["Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/","url":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/","name":"How to Configure SSL Encryption for Custom Domains on Pivotal CF | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif","datePublished":"2016-02-08T18:31:23+00:00","dateModified":"2021-03-12T01:32:48+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c71b4c4cc4cc4a44d640461a4278d9a1"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/02\/How-to-Configure-SSL-Encryption-for-Custom-Domains-on-Pivotal-CF.gif","width":640,"height":560},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/how-to-configure-ssl-encryption-for-custom-domains-on-pivotal-cf\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Configure SSL Encryption for Custom Domains on Pivotal CF"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c71b4c4cc4cc4a44d640461a4278d9a1","name":"Sergey Balashevich","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/Sergey-Balashevich-96x96.jpg","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/Sergey-Balashevich-96x96.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/07\/Sergey-Balashevich-96x96.jpg","caption":"Sergey Balashevich"},"description":"Sergey Balashevich is Head of Software Development at Altoros. Over the last 10+ years, he has tried his hand at a long list of technologies. Currently, he is mostly working with the Java stack and platforms, such as Amazon Web Services, Microsoft Azure, Pivotal Cloud Foundry, HP Helion, etc. His primary activities are around designing cloud-native architectures and leading teams of engineers building distributed solutions.","url":"https:\/\/www.altoros.com\/blog\/author\/balashevich-sergey\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/45629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=45629"}],"version-history":[{"count":4,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/45629\/revisions"}],"predecessor-version":[{"id":60528,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/45629\/revisions\/60528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/45637"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=45629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=45629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=45629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}