On Sun, May 15, 2011 at 1:55 AM, Larry Bugbee <bug...@seanet.com> wrote:
> > > It is a matter of trust. If your server is serving a very small group that > will trust your self-signed cert, then fine. If however your server is to > be visited by a large number of people most of which won't know you, they > would likely feel better if your cert was obtained from a well-known and > trustable 3rd party. > > Then, no luck! I have to go for 3rd party. So, here are the steps I am going to follow, what do you say? 1. Generate Private key: with openssl genrsa -des3 -out myserv.key 2048 2. Remove passphrase from key: 3. Generate CSR: with openssl req -new -key myserv.key -out myserv.csr 4. Submit this csr into 3rd party 5. get the certificate and SAVE IT AS MYSERV.CRT ( am I correct here? ) 6. Concatenation CRT+PRIVATE KEY and SAVE THE CONCATENATION AS PEM FORMAT 7. RE-ENCODE PEM INTO PKCS12 8. Create JKS 9. Now what? how can I install JKS for tomcat and apache? what do you suggest me to do? any link? -- Best, Zico
