Some day's ago [EMAIL PROTECTED] sent the attached mail:
> -----Ursprüngliche Nachricht-----
> Von: Jon Shoberg [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 27. September 2001 00:41
> An: [EMAIL PROTECTED]
> Betreff: Thawte, SSL, and Tomcat
<snip/>
> Does anyone have, literally, "blind instructions" for
> setting up a
> commercial SSL cert? The current docs are pretty good but I
> am looking for
> something related to tomcat 3.x.x which covers creation and
> install of a
> commercial cert.
<snip/>
--- Begin Message ---
Hi,
after long time of trying to setup a (demo)certificate from thawte.com
or
trustcenter.de I finally made it. And because of the numerous questions
on
this list concerning this topic, I thought it would be a good idea to
share
my gained "wisdom" :-)
So what follows is a step-by-step instruction on how to install a
commercial
(*not* self signed or openssl) certificate:
1. generate a local certificate:
keytool -genkey -alias tomcat -keyalg RSA -keystore <myfile>
where <myfile> is the name of the desired keystore-file
2. generate the CSR (you need it to request your (demo)certificate)
keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem
-keystore
<myfile>
now you have a file called "certreq.pem". Send this to your
trustcenter.
3. most trustcenters do not deliver a so called "chained certificate",
so you have to install their root-certificate (their website says
where
to find it)
keytool -import -alias root -keystore <myfile> -trustcacerts -file
<root-cert-file>
4. after your final (demo)certificate has been sent to you, install it
like
this
keytool -import -alias tomcat -keystore <myfile> -trustcacerts -file
<received-cert-file>
For the tomcat-specific part of the installation go to the *real good*
tomcat-doc-page:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
I hope it helped somebody... If there are any
questions/suggestions/etc...
simply hit "REPLY" (-:
greets,
pero
--- End Message ---
