Here is what worked for me:
STEP A - generate your private key
Pre-req: JDK must be installed
1) cd to $JAVA_HOME/jre/bin
2) run ./keytool -genkey -alias tomcat -keyalg RSA -keystore <FULL PATH TO KEYSTORE>
3) You will be prompted for a password for the keystore
4) at the prompts, enter:
What is your first and last name?
[Unknown]: <DO NOT USE NAME - ENTER THE NAME OF YOUR MACHINE AS IT'S KNOWN TO VISITORS>
What is the name of your organizational unit?
[Unknown]: <WHATEVER YOU LIKE>
What is the name of your organization?
[Unknown]: <TYPICALLY COMPANY NAME>
What is the name of your City or Locality?
[Unknown]: <YOUR CITY>
What is the name of your State or Province?
[Unknown]: <STATE OR PROV>
What is the two-letter country code for this unit?
[Unknown]: <COUNTRY CODE>
5) You will then be prompted for another password - use the same (i.e. press ENTER)
STEP B - Generate a Certificate Request
1) cd to $JAVA_HOME/jre/bin
2) ./keytool -certreq -alias tomcat -file csr.txt -keystore <FULL PATH TO SAME KEYSTORE CREATED IN STEP A>
STEP C - Get the new cert from Verisign
www.verisign.com has all the info here
STEP D - Install the Verisign ROOT CA cert AND your server cert
When you get your cert in step C, they will provide you with the root cert
1) cd to $JAVA_HOME/jre/bin
2) ./keytool -import -alias verisign -file <FILE THAT CONTAINS THE VERISIGN ROOT CA CERT> -keystore <PATH TO KEYSTORE>
3) ./keytool -import -trustcacerts -alias tomcat -file <FILE THAT CONTAINS YOUR CERT FROM VERISIGN> -keystore <PATH TO KEYSTORE>
STEP E - Configure an SSL listener for tomcat
1) edit $JAKARTA_HOME/conf/server.xml and add the following:
<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="10" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="<FULL PATH TO KEYSTORE FILE>"
           keystorePass="<PASSWORD HERE>"/>
</Connector>
2) Stop and start the tomcat server
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, May 06, 2002 6:27 AM
To: [EMAIL PROTECTED]
Subject: SSL certificate help!
Hello all,
I have got a Trial SSL Server Digital ID from Verisign. I would like to know how to configure it with tomcat (3.2.1). I'm trying to enable ssl with tomcat.
Any help in this regard would be most welcome.
Thanks in advance
Ritesh
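To confirm that Steps A through D left the keystore in the state Step E needs, the following added example (not part of the original message) parses `keytool -list -v` output and checks that the `tomcat` alias is a key entry, carries a CA-issued chain rather than the Step A self-signed certificate, and has the machine name as its CN. The function name, the sample listings and `www.example.com` are constructed for illustration, and English-locale keytool output is assumed.

```shell
# Added example. check_listing ALIAS HOSTNAME reads `keytool -list -v` output on stdin; returns 0 only if all checks pass.
check_listing() {
    awk -v want="$1" -v host="$2" '
        /^Alias name: /               { cur = substr($0, 13); incert = 0 }
        cur != want                   { next }   # ignore every other alias
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { chain = $4 + 0 }
        /^Certificate\[/              { incert = ($0 ~ /^Certificate\[1\]:/) }
        incert && /^Owner: /          { owner = substr($0, 8) }   # leaf cert subject
        incert && /^Issuer: /         { issuer = substr($0, 9) }
        END {
            if (type == "") { print "FAIL: alias " want " not in keystore"; exit 2 }
            cn = owner; sub(/^.*CN=/, "", cn); sub(/,.*$/, "", cn)
            if (type != "PrivateKeyEntry" && type != "keyEntry") { print "FAIL: " want " is a " type ", not a key entry"; bad = 1 }
            if (chain < 2 || owner == issuer) { print "FAIL: no CA-issued chain on " want " (self-signed, or reply imported under another alias)"; bad = 1 }
            if (tolower(cn) != tolower(host)) { print "FAIL: CN \"" cn "\" does not match host " host; bad = 1 }
            if (!bad) print "OK: " want " chain=" chain " CN=" cn
            exit bad + 0
        }'
}
# Constructed listing: alias still holds the Step A self-signed cert, with a person's name as CN.
sample_selfsigned() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Jane Admin, OU=Web, O=Example Corp, L=Springfield, ST=IL, C=US
Issuer: CN=Jane Admin, OU=Web, O=Example Corp, L=Springfield, ST=IL, C=US
EOF
}
# Constructed listing: root imported (Step D.2) and CA reply installed on the key alias (Step D.3).
sample_installed() { cat <<'EOF'
Alias name: verisign
Entry type: trustedCertEntry
Owner: OU=Example Root CA, O=Example CA Inc, C=US
Issuer: OU=Example Root CA, O=Example CA Inc, C=US
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, OU=Web, O=Example Corp, L=Springfield, ST=IL, C=US
Issuer: OU=Example Root CA, O=Example CA Inc, C=US
Certificate[2]:
Owner: OU=Example Root CA, O=Example CA Inc, C=US
Issuer: OU=Example Root CA, O=Example CA Inc, C=US
EOF
}
sample_installed  | check_listing tomcat www.example.com
sample_selfsigned | check_listing tomcat www.example.com || true
```

Against a real keystore, pipe `keytool -list -v -keystore <PATH TO KEYSTORE>` into `check_listing tomcat <hostname>`. Because Step E stores the keystore password in server.xml in clear text, both files should be readable only by the account that runs tomcat.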