Hi Raj,

Thanks for your detailed mail, which was very helpful. I had followed the same, but I had another question. The certificate from Verisign has been placed as instructed, but how do I enable the client, i.e. the browser in my case, for the same? Does anything specific have to be done?

Prior to doing this, I was using a self-signed certificate, which the browser still reads. How do I make the browser know about the Verisign cert? Hope you got the point.

Thanks in advance,
Ritesh

-----Original Message-----
From: Raja Sekhar [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 06, 2002 5:30 PM
To: Tomcat Users List
Subject: Re: SSL certificate help!

Hi,

Follow these steps to configure your digital ID.

1. Generate a local certificate:

       keytool -genkey -alias tomcat -keyalg RSA -keystore <myfile>

   where <myfile> is the name of the desired keystore file.

2. Generate the CSR (you need it to request your (demo) certificate):

       keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem -keystore <myfile>

   Now you have a file called "certreq.pem". Send this to your trustcenter.

Note: You can skip steps 1 & 2 because you said you already got a Verisign certificate. But make sure that you have done these steps only to send your demo cert. to Verisign.

3. Go to Verisign and download the TrustedCA Root Certificate which they give for the browser. The downloaded file name would be getcacert. Now use the following command to import that into the trust store:

       keytool -import -alias root -keystore <myfile> -trustcacerts -file <root-cert-file>

4. Now import your Verisign certificate with this command:

       keytool -import -alias tomcat -keystore <myfile> -trustcacerts -file <received-cert-file>

With the above 4 steps, you are ready with your keystore. Now go to server.xml and search for

    <Http10Connector port="8443" secure="true" />

Uncomment the above line and add the following changes:

    <Http10Connector
        port="8443"
        secure="true"
        keystoreFile = "path of your keystore"
        keypass = "if u give anything other than changeit"
        socketFactory = "org.apache.tomcat.net.SSLSocketFactory" />

I think this should solve your problem. All the best.

Regards,
..Raj

--
On Mon, 6 May 2002 15:57:03 t.riteshmenon wrote:
>Hello all,
>
>I have got a Trial SSL Server Digital ID from Verisign. I would like to
>know how to configure it with Tomcat (3.2.1). I'm trying to enable SSL
>with Tomcat.
>Any help in this regard would be most welcome.
>
>Thanks in advance
>Ritesh
>----------------------------------------------------------------------------
>This message contains privileged and confidential information and is
>intended only for the individual named. If you are not the intended recipient
>you should not disseminate, distribute, store, print, copy or deliver this
>message. Please notify the sender immediately by e-mail if you have received
>this e-mail by mistake and delete this e-mail from your system. E-mail
>transmission cannot be guaranteed to be secure or error-free as information
>could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or
>contain viruses. The sender therefore does not accept liability for any
>errors or omissions in the contents of this message which arise as a result
>of e-mail transmission. If verification is required please request a
>hard-copy version.
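Added example, not part of the thread and not Tomcat's or keytool's own code: a check that reads the output of `keytool -list -v -keystore <myfile>` and reports whether the `tomcat` alias still holds only the self-signed certificate from step 1 or the CA-signed chain imported in steps 3 and 4. The two listings are constructed (hypothetical host and CA names, fields abbreviated), and the field labels assume the usual `keytool -list -v` layout.

```shell
# Added example (not from the thread). Reads `keytool -list -v` output on stdin and
# prints, per private-key entry: <alias> <SELF-SIGNED|CA-SIGNED> chain=<n>
check_keystore_listing() {
    awk '
    function report() {
        if (alias == "" || !iskey) return
        # A single certificate whose owner is also its issuer: still the step 1 cert.
        verdict = (chain == 1 && owner == issuer) ? "SELF-SIGNED" : "CA-SIGNED"
        printf "%s %s chain=%d\n", alias, verdict, chain
    }
    /^Alias name: / { report(); alias = substr($0, 13)
                      iskey = 0; chain = 0; owner = ""; issuer = ""; leaf = 0 }
    # Key entries only ("PrivateKeyEntry" or the shorter "keyEntry"), not trustedCertEntry.
    /^Entry type: / { iskey = (tolower($0) ~ /: (private)?keyentry/) }
    /^Certificate chain length: / { chain = $4 + 0 }
    # Compare only the first Owner/Issuer pair, i.e. the server certificate itself.
    /^Owner: /  { if (!leaf) owner = substr($0, 8) }
    /^Issuer: / { if (!leaf) { issuer = substr($0, 9); leaf = 1 } }
    END { report() }
    '
}
# Constructed listing (hypothetical names, fields abbreviated): keystore after step 1.
sample_before() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=www.example.com, O=Example, C=US
EOF
}
# Constructed listing: the same keystore after steps 3 and 4.
sample_after() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
EOF
}
sample_before | check_keystore_listing   # tomcat SELF-SIGNED chain=1
sample_after  | check_keystore_listing   # tomcat CA-SIGNED chain=2
```

Against a real keystore, pipe the listing in: `keytool -list -v -keystore <myfile> | check_keystore_listing`.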