Author: jonathan Date: Mon Jul 21 01:16:57 2008 New Revision: 19748 URL: http://wso2.org/svn/browse/wso2?view=rev&revision=19748
Log: Fixed some typos. Modified: trunk/mashup/java/xdocs/keystoremanagement.html Modified: trunk/mashup/java/xdocs/keystoremanagement.html URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/xdocs/keystoremanagement.html?rev=19748&r1=19747&r2=19748&view=diff ============================================================================== --- trunk/mashup/java/xdocs/keystoremanagement.html (original) +++ trunk/mashup/java/xdocs/keystoremanagement.html Mon Jul 21 01:16:57 2008 @@ -1,5 +1,6 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html xmlns="http://www.w3.org/1999/xhtml";><head><!-- +<html xmlns="http://www.w3.org/1999/xhtml";> +<head><!-- ~ Copyright 2005-2008 WSO2, Inc. (http://wso2.com) ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,39 +16,107 @@ ~ limitations under the License. --> -<meta http-equiv="content-type" content=""><title>Key Store Management</title> + <meta http-equiv="content-type" content=""> + <title>Keystore Management</title> -<link href="css/mashup-docs.css" rel="stylesheet" type="text/css" media="all"></head> + <link href="css/mashup-docs.css" rel="stylesheet" type="text/css" media="all"> +</head> <body lang="EN-US"> <div id="main-content"> -<h1>Key Store Management</h1> -<p>Each user account in the Mashup Server has a keystore associated -with it (The primary admins keystore is used for the system user). This -keystore is prepolulated with a list if trusted certificates but it -does not contain a private key. Hence users must upload their private -key to this keystore before making use of it. </p> - -<h2 id="managing">Managing private keys</h2><p>Uploading a private key can be done by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>, but first you need to get yourself a private key. </p><ul><li>If -the user already has a keystore (JKS or PKCS12) which contains a -private key, he could use that keystore to upload a private key to his -keystore.</li><li>The user can generate a private key for himself using the java keytool that comes with the JDK as follows,</li></ul><div style="margin-left: 40px;">Enter the following at the command prompt. This would create a keystore called keith.jks for you.</div> <p style="margin-left: 40px;" class="code">keytool -genkey -alias keith -keystore keith.jks</p><div style="margin-left: 40px;">This will take you through a series of questions (You can skip them by pressing the enter key if you prefer)</div><p style="margin-left: 40px;" class="code">Enter keystore password: <br>Re-enter new password: <br>What is your first and last name?<br> [Unknown]: Keith Chapman<br>What is the name of your organizational unit?<br> [Unknown]: Mashup Server<br>What is the name of your organization?<br> [Unknown]: WSO2<br>What is the name of your City or Locality?<br> [Unknown]: Colombo<br>What is the name of your State or Province?<br> [Unknown]: Western<br>What is the two-letter country code for this unit?<br> [Unknown]: SL<br>Is CN=Keith Chapman, OU=Mashup Server, O=WSO2, L=Colombo, ST=Western, C=SL correct?<br> [no]: yes<br><br>Enter key password for <keith><br> (RETURN if same as keystore password):<br>[EMAIL PROTECTED]:~$</p><br><div style="margin-left: 40px;">Once the keystore is created users can upload their private key to the Mashup Server by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>. <br></div><br><div style="margin-left: 40px;"><img style="width: 999px; height: 818px;" alt="Upload private key" src="images/upload_private_key.png"></div> -<h2 id="usage">Usage of user keystores</h2> -<br>The users keystore will be used for the follwoing purposes,<br><ol><li>As a truststore when accessing secured endpoints/pages/feeds. </li><li>As -a truststore when securing mashups (If the security policy used to -secure a mashup requires users to sign the request, then for those -requests to be valid the clients public certificate should be in the mashup authors keystore)</li><li>As a truststore when calling secured mashups (If -the service that you are calling needs the request to be encrypted, -then for those requests to be valid the public certificate of the -external service needs to be in the mashup authors keystore)</li><li>To obtain the private key during signing (If -the service that you are calling needs the request to be -signed, the mashup authors private key will be used to sign these -requests)</li></ol><h2 id="httpMethod">Managing certificates</h2><br>As -described above a users keystore is used for many scenarios hence its -important to be able to import certificates into your keystore. Users -can manage their certificates by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>. -The dialogs to upload certificates wont be displyed untill you upload -your private key. Importing certificates can be done in two ways,<br><ol><li>By providing the URL of the site</li> - <li>By uploading the certificate as a file</li></ol><img style="width: 996px; height: 816px;" alt="Uploading Certificates" src="images/uploading_certificates.png"><br></div> + <h1>Keystore Management</h1> -<p>� 2007-2008 WSO2 Inc.</p> -</body></html> \ No newline at end of file + <p>Each user account in the Mashup Server has a keystore associated + with it. (The primary admins keystore is used for the system user). This + keystore is prepopulated with a list if trusted certificates but it + does not contain a private key. Hence a user must upload his private + key to this keystore before performing any tasks that make use of it.</p> + + <h2 id="managing">Managing private keys</h2> + + <p>Uploading a private key can be + done by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>, + but first you need to get yourself a private key.</p> + + <ul> + <li>If the user already has a keystore (JKS or PKCS12) which contains a + private key, he could use that keystore to upload a private key to his + keystore. + </li> + <li>The user can generate a private key for himself using the java keytool that comes with the JDK as follows, + </li> + </ul> + <div style="margin-left: 40px;">Enter the following at the command prompt. This would create a keystore called + keith.jks for you. + </div> + <p style="margin-left: 40px;" class="code">keytool -genkey -alias keith -keystore keith.jks</p> + + <div style="margin-left: 40px;">This will take you through a series of questions (You can skip them by pressing the + enter key if you prefer) + </div> + <p style="margin-left: 40px;" class="code">Enter keystore password: <br> + Re-enter new password: <br> + What is your first and last name?<br> + [Unknown]: Keith Chapman<br> + What is the name of your organizational unit?<br> + [Unknown]: Mashup Server<br> + What is the name of your organization?<br> + [Unknown]: WSO2<br> + What is the name of your City or Locality?<br> + [Unknown]: Colombo<br> + What is the name of your State or Province?<br> + [Unknown]: Western<br> + What is the two-letter country code for this unit?<br> + [Unknown]: SL<br> + Is CN=Keith Chapman, OU=Mashup Server, O=WSO2, L=Colombo, ST=Western, C=SL correct?<br> + [no]: yes<br> + <br> + Enter key password for <keith><br> + + (RETURN if same as keystore password):<br> + [EMAIL PROTECTED]:~$</p> + <br> + + <div style="margin-left: 40px;">Once the keystore is created users can upload their private key to the Mashup Server + by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>. <br> + </div> + <br> + + <div style="margin-left: 40px;"><img style="width: 999px; height: 818px;" alt="Upload private key" + src="images/upload_private_key.png"></div> + <h2 id="usage">Usage of user keystores</h2> + <br>The user's keystore will be used for the following purposes,<br> + <ol> + <li>As a truststore when accessing secured endpoints/pages/feeds.</li> + <li>As a truststore when securing mashups (If the security policy used to + secure a mashup requires users to sign the request, then for those + requests to be valid the client's public certificate should be in the + mashup author's keystore) + </li> + <li>As a truststore when calling secured mashups (if + the service that you are calling needs the request to be encrypted, + then for those requests to be valid the public certificate of the + external service needs to be in the mashup author's keystore) + </li> + <li>To obtain the private key during signing (if + the service that you are calling needs the request to be + signed, the mashup author's private key will be used to sign these + requests) + </li> + </ol> + <h2 id="httpMethod">Managing certificates</h2> + + <br>As described above a user's keystore is used for many scenarios hence its + important to be able to import certificates into your keystore. Users + can manage their certificates by visiting <a href="https://localhost:7443/cert_manager.jsp";>https://localhost:7443/cert_manager.jsp</a>. + The dialogs to upload certificates won't be displyed until you upload + your private key. Importing certificates can be done in two ways:<br> + <ol> + <li>By providing the URL of the site.</li> + <li>By uploading the certificate as a file.</li> + </ol> + <img style="width: 996px; height: 816px;" alt="Uploading Certificates" src="images/uploading_certificates.png"><br> +</div> + +<p>© 2007-2008 WSO2 Inc.</p> +</body> +</html> \ No newline at end of file
_______________________________________________ Mashup-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
