Hello, so, what about the solution for non plain text passwords in the config files. There are the SSL-password and the JDBC-Realm password a.s.o.
G�nter ----- Original Message ----- From: "Glenn Parsons" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, April 25, 2002 10:43 PM Subject: RE: tomcat and SSL (keyfile password) > Hello Peter, > > Forgive my ignorance (perhaps this is why people aren't finding this sort > of information), but whatr exactly *IS* the CVS? And *WHERE* is it? > > Thanks, > Glenn > > At 10:34 PM 4/25/02 +0200, you wrote: > >Mhhh, there is an updated version of the ssl-howto in the > >CVS for MONTHS now, that describes the installation of official > >certs (like Verisign, Thawte, Trustcenter...) step by step. > >But it is *NOT* in TC 4.03 and it is not on the jakarta-webpage. > > > >I simply wonder why? People are dealing with this topic again > >and again... And I know how frustrating this can get... :-( > > > >Peter > > > > > -----Original Message----- > > > From: Dave North [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, April 25, 2002 8:33 PM > > > To: Tomcat Users List > > > Subject: RE: tomcat and SSL (keyfile password) > > > > > > > > > OK, here's what I did (this was using a test versign cert but the > > > procedure is the same for a "real" production cert): > > > > > > STEP A - generate your private key > > > > > > Pre-req: JDK must be installed > > > > > > 1) cd to $JAVA_HOME/jre/bin > > > > > > 2) run ./keytool -genkey -alias tomcat -keyalg RSA -keystore <FULL PATH > > > TO KEYSTORE> > > > > > > 3) You will be prompted for a password for the keystore > > > > > > 3) at the prompts, enter: > > > > > > What is your first and last name? > > > [Unknown]: <DO NOT USE NAME - ENTER THE NAME OF YOUR MACHINE AS IT'S > > > KNOWN TO VISITORS> > > > What is the name of your organizational unit? > > > [Unknown]: <WHATEVER YOU LIKE> > > > What is the name of your organization? > > > [Unknown]: <TYPICALLY COMPANY NAME> > > > What is the name of your City or Locality? > > > [Unknown]: <YOUR CITY> > > > What is the name of your State or Province? > > > [Unknown]: <STATE OR PROV> > > > What is the two-letter country code for this unit? > > > [Unknown]: <COUNTRY CODE> > > > > > > 4) You will then be prompted for another password - use the same (ie. > > > Press ENTER) > > > > > > STEP B - Generate a Certificate Request > > > > > > 1) cd to $JAVA_HOME/jre/bin > > > > > > 2) ./keytool -certreq -alias tomcat -file csr.txt -keystore <FULL PATH > > > TO SAME KEYSTORE CREATED IN STEP A> > > > > > > STEP C - Get the new cert from Verisign > > > > > > www.versign.com has all the info here > > > > > > STEP D - Install the Verisign ROOT CA cert AND your server cert > > > > > > When you get your cert in step C, they will provide you with the root > > > cert > > > > > > 1) cd to $JAVA_HOME/jre/bin > > > > > > 2) ./keytool -import -alias verisign -file <FILE THAT CONTAINS THE > > > VERSIGN ROOT CA CERT> -keystore <PATH TO KEYSTORE> > > > > > > 3) ./keytool -import -trustcacerts -alias tomcat -file <FILE THAT > > > CONTAINS YOUR CERT FROM VERISIGN> -keystore <PATH TO KEYSTORE> > > > > > > > > > STEP E - Configure an SSL listener for tomcat > > > > > > 1) edit $JAKARTA_HOME/conf/server.xml and add the following: > > > > > > <!-- Define an SSL HTTP/1.1 Connector on port 443 --> > > > <Connector className="org.apache.catalina.connector.http.HttpConnector" > > > port="443" minProcessors="5" maxProcessors="75" > > > enableLookups="true" > > > acceptCount="10" debug="10" scheme="https" secure="true"> > > > <Factory className="org.apache.catalina.net.SSLServerSocketFactory" > > > clientAuth="false" protocol="TLS" > > > keystoreFile="<FULL PATH TO KEYSTORE FILE>" > > > keystorePass="<PASSWORD HERE>"/> > > > </Connector> > > > > > > 2) Stop and start the tomcat server > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, April 25, 2002 2:29 PM > > > To: Tomcat Users List > > > Subject: Re: tomcat and SSL (keyfile password) > > > > > > > > > Hi Dave > > > > > > ohhh...good to know that. > > > > > > I need to set up the tomcat 4.0.3 with verisign. > > > > > > Can you please send those doc to me ? > > > > > > I appreciate your help > > > > > > thanks in advance > > > BM > > > > > > Dave North wrote: > > > > > > > Hello, > > > > After a few hours trying to get this working, I've finally got > > > > my tomcat server working with a certificate signed by Verisign. This > > > > all works great. However, to do this, I need to configure the > > > > keyfilePass into the server.xml file. This is bad as our security > > > > policy is "thou shall not have any passwords in plain text". We also > > > > use SSL on our iPlanet server and it prompts at start time for the > > > > password (they use the term software token but it's the same). So, > > > the > > > > question is: is it possible to have tomcat prompt for this and/or how > > > > have others got around keeping this in plain text? > > > > > > > > BTW: if anyone's interested, I have the complete step-by-step of how I > > > > got the versign cert working...the info is out there but it seems to > > > be > > > > all over the place. > > > > > > > > Thanks > > > > > > > > Dave > > > > > > > > Dave North > > > > SIGNIANT Inc. > > > > Trusted Data Transfer Services > > > > www.signiant.com > > > > Phone: 613-761-3623 > > > > Mobile: 613-294-3231 > > > > Fax: 613-761-3629 > > > > Email: [EMAIL PROTECTED] > > > > > > > > -- > > > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > > > For additional commands: <mailto:[EMAIL PROTECTED]> > > > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > > > > > > -- > > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > > For additional commands: <mailto:[EMAIL PROTECTED]> > > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > > > > > > -- > > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > > For additional commands: <mailto:[EMAIL PROTECTED]> > > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > > > >-- > >To unsubscribe: <mailto:[EMAIL PROTECTED]> > >For additional commands: <mailto:[EMAIL PROTECTED]> > >Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
