Instruction: How to install Verisign certificate to
Tomcat.
Hope it helps somebody.
1. Make self-signed certificate:
keytool -genkey -keystore your.keystore
You should get:
Enter keystore password: your_password
What is your first and last name?
[Unknown]: somename.com
That�s right, you should put domain name here, not
your first and last name. -) Answer all next
questions.
2. Check it:
keytool -list -v -keystore your.keystore
Enter keystore password: your_password
You should get something like this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
Alias name: mykey
Creation date: Mon Mar 25 13:15:11 EST 2002
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=somename.com, OU= some name L.L.C., O= some
name Inc, L=some town, ST=some state, C=some country
Issuer: CN= somename.com, OU= some name L.L.C., O=
some name Inc, L= some town, ST= some state, C= some
country
Serial number: 3c9f6345
Valid from: Mon Mar 25 13:15:02 EST 2002 until: Sun
Jun 23 14:15:02 EDT 2002
Certificate fingerprints:
MD5:
6F:F3:64:D7:D1:6A:5F:2E:AB:0F:2B:B5:8C:87:59:84
SHA1:
D8:B1:19:1C:E4:3F:25:2C:5A:E8:05:C0:A7:4B:5F:BB:05:1E:94:02
*******************************************
*******************************************
3. Make request certificate:
keytool -certreq - keystore your.keystore
Enter keystore password: your_password
You should get:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcg
........
........
nELWwLTxds8FSK6eqsU1NENMFg==
-----END NEW CERTIFICATE REQUEST-----
Copy it to textbox in Verisign website when you�ll be
order certificate (you�ll be asked about that).
4. You get your certificate signed by Verisign
(usually by email). Copy it to file somename.cer.
After that:
keytool -import -trustcacerts -file somename.cer
-keystore your.keystore
Enter keystore password: your_password
You should get:
Certificate reply was installed in keystore
5. Check it:
keytool -list -v -keystore your.keystore
Enter keystore password: your_password
You should get something like this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
Alias name: mykey
Creation date: Thu Apr 18 12:52:25 EDT 2002
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=somename.com, OU=some name L.L.C., O=some
name Inc, L=some town, ST=some state, C=some country
Issuer: OU=Secure Server Certification Authority,
O="RSA Data Security, Inc.", C=US
Serial number: 48a29e834c57a88bc1c3350x23454395
Valid from: Tue Apr 09 20:00:00 EDT 2002 until: Thu
Apr 10 19:59:59 EDT 2003
Certificate fingerprints:
MD5:
8F:5A:F0:A2:9E:B1:A7:50:FA:59:0C:4C:49:AD:BE:A5
SHA1:
C2:61:A4:BE:AA:85:97:AC:F1:DF:07:24:9D:DC:FA:5F:FF:D4:5A:28
Certificate[2]:
Owner: OU=Secure Server Certification Authority,
O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority,
O="RSA Data Security, Inc.", C=US
Serial number: 2ad667e4e45fe5e576f3c98195eddc0
Valid from: Tue Nov 08 19:00:00 EST 1994 until: Thu
Jan 07 18:59:59 EST 2010
Certificate fingerprints:
MD5:
74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
SHA1:
44:63:C5:31:D7:CC:C1:00:67:94:61:2B:B6:56:D3:BF:82:57:84:6F
*******************************************
*******************************************
6. Copy file your.keystore to tomcat_home directory.
Check server.xml. It should contain:
<Connector
className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="443"/>
<Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory"/>
<Parameter name="keystore" value="your.keystore"/>
<Parameter name="keypass" value="your_password"/>
<Parameter name="clientAuth" value="false"/>
</Connector>
7. Restart/run your Tomcat.
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
