geronimo-scm mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Geronimo v3.0 > Administering certificates
Date Mon, 31 Jan 2011 03:36:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/4/_/styles/combined.css?spaceKey=GMOxDOC30&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Administering+certificates">Administering
certificates</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~maojia508">maojia</a>
    </h4>
        <br/>
                         <h4>Changes (7)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-unchanged" >{scrollbar} <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >{excerpt}This section is about
how to administer certificates from <span class="diff-added-words"style="background-color:
#dfd;">the administration</span> console.{excerpt} <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >To administer SSL <span class="diff-changed-words">certificates<span
class="diff-added-chars"style="background-color: #dfd;">,</span></span> the
*Keystore Configuration* portlet is available by selecting *Keystore* on the *Console Navigation*
menu on the left <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">hand</span>
side. From this <span class="diff-changed-words">portlet<span class="diff-added-chars"style="background-color:
#dfd;">,</span></span> you can either import an existing certificate or create
a new certificate request. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreConfig.png!
<br> <br></td></tr>
            <tr><td class="diff-changed-lines" >The certificates in Geronimo are
stored in a keystore located in <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">*&lt;geronimo_home&gt;\var\security\keystores\geronimo-default*.</span>
<span class="diff-added-words"style="background-color: #dfd;">{{&lt;geronimo_home&gt;\var\security\keystores\geronimo-default}}.</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">If
you want to use a different keystore other than the one provided by default you can create
one by clicking on *New Keystore*. You will be prompted with a keystore name and a password,
enter those values and click *Create Keystore*, for this example we entered sample_keystore
and password respectively. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">If
you want to use a different keystore other than the one provided by default, you can create
one by clicking *New Keystore*. You will be prompted with a keystore name and a password,
enter those values and click *Create Keystore*. For this example, the keystore is named sample_keystore.
<br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >The keystore you just created
does not yet contain any certificates nor key as depicted in the following figure. Also note
<span class="diff-added-words"style="background-color: #dfd;">that</span> the
keystore is by default locked, that is the closed lock in the *Available* column. <span
class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">Once</span>
<span class="diff-added-words"style="background-color: #dfd;">After</span> you
create the <span class="diff-changed-words">certificate<span class="diff-added-chars"style="background-color:
#dfd;">,</span></span> you will need to click on the lock to make that certificate
available, <span class="diff-added-words"style="background-color: #dfd;">and</span>
you will be prompted with the passwords for the keystore and certificate. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreCreate.png!
<br> <br></td></tr>
            <tr><td class="diff-changed-lines" >To create a private <span class="diff-changed-words">key<span
class="diff-added-chars"style="background-color: #dfd;">,</span></span> click
<span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">on</span>
the keys on the keystore you just created and then click on *Create Private Key*. Enter valid
data in the appropriate field data. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreCreateKey.png!
<br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
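Review bot: In the added <b>New Keystore</b> paragraph, "a different keystore other than the one provided by default" says the same thing twice, and "You will be prompted with a keystore name and a password, enter those values and click" is still a comma splice. Suggest "If you want to use a keystore other than the default one, click *New Keystore*. Enter a keystore name and a password when prompted, then click *Create Keystore*." Dropping the literal example password from the text is a good change; consider adding that this password is requested again when the keystore is unlocked. <br>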
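Review bot: In the paragraph beginning "The keystore you just created", the untouched words "any certificates nor key" and "locked, that is the closed lock in the *Available* column" still read badly after this edit, and "prompted with the passwords" should be "prompted for the passwords". Suggest "does not yet contain any certificates or keys" and "locked by default, shown by the closed lock in the *Available* column". <br>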
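Review bot: In the <b>Create Private Key</b> paragraph, the closing sentence "Enter valid data in the appropriate field data." is left garbled; suggest "Enter valid data in the appropriate fields." The edit also removes "on" after the first "click" but keeps "click on *Create Private Key*", so the wording is inconsistent within a single sentence. <br>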
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">

<p>This section is about how to administer certificates from the administration console.</p>

<p>To administer SSL certificates, the <b>Keystore Configuration</b> portlet
is available by selecting <b>Keystore</b> on the <b>Console Navigation</b>
menu on the left side. From this portlet, you can either import an existing certificate or
create a new certificate request.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreConfig.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>The certificates in Geronimo are stored in a keystore located in <tt>&lt;geronimo_home&gt;\var\security\keystores\geronimo-default</tt>.</p>

<p>If you want to use a keystore other than the one provided by default, you
can create one by clicking <b>New Keystore</b>. You will be prompted for a keystore
name and a password; enter those values and click <b>Create Keystore</b>. For
this example, the keystore is named <tt>sample_keystore</tt>.</p>

<p>The keystore you just created does not yet contain any certificates or keys, as depicted
in the following figure. Also note that the keystore is locked by default, as shown by the closed
lock in the <b>Available</b> column. After you create the certificate, you will
need to click on the lock to make that certificate available, and you will be prompted for
the passwords for the keystore and certificate.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreCreate.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>To create a private key, click the keys on the keystore you just created and then
click <b>Create Private Key</b>. Enter valid data in the appropriate fields.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreCreateKey.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>Click on <b>Review Key Data</b> and then on <b>Generate Key</b>.
You should now see the key you just generated listed in the Keystore Configuration portlet.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreContents.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>You can now use that certificate by configuring an HTTPS connector as described in<br/>
<a href="http://cwiki.apache.org/GMOxDOC22/adding-new-listeners-for-the-web-containers.html"
class="external-link" rel="nofollow">http://cwiki.apache.org/GMOxDOC22/adding-new-listeners-for-the-web-containers.html</a>.
Remember to make the certificate and keystore available by clicking on the "lock". For this
example, we modified the existing TomcatWebSSLConnector, specified the new keystore,
and saved the configuration.</p>

<p>For this configuration to take effect, you need to restart the connector. Click on
the <b>stop</b> link corresponding to the network listener you just updated, in
this case TomcatWebSSLConnector, and then click on <b>start</b>. The connector
is now using the new keystore and certificate.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeyStoreConnector.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>If you now point your browser to that particular port, you should see that the server is
using the certificate you created previously. For this example, as we are using the existing
SSL connector, we point the browser to:</p>

<p><a href="https://localhost:8443/console" class="external-link" rel="nofollow">https://localhost:8443/console</a></p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleCertificate.gif?version=1&amp;modificationDate=1203601903000"
style="border: 0px solid black" /></span></p>
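
<p>The browser check above can also be scripted. The following is an added example, not part of the Geronimo documentation: it connects to the SSL port used on this page (8443), reads the certificate the connector presents, and compares its SHA-256 fingerprint with one you recorded for the key you generated. The function names, the script name in the usage comment, and the assumption that the console-generated certificate is self-signed are the example's own.</p>

```python
import hashlib
import socket
import ssl
import string
import sys


def der_fingerprint(der: bytes) -> str:
    """SHA-256 of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Keep only the hex digits so 'AA:BB', 'aa bb' and 'aabb' compare equal."""
    return "".join(c for c in fingerprint if c in string.hexdigits).upper()


def same_fingerprint(expected: str, actual: str) -> bool:
    want, got = normalize(expected), normalize(actual)
    # SHA-256 is 64 hex digits; a truncated or empty value never matches.
    return len(want) == 64 and want == got


def served_certificate(host: str = "localhost", port: int = 8443,
                       timeout: float = 5.0) -> bytes:
    """Return the DER certificate presented on host:port (the page's SSL port)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: the console-generated certificate is self-signed, so chain
    # validation would fail. It is disabled here and the fingerprint
    # comparison is the only trust decision this script makes.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def connector_uses(expected: str, host: str = "localhost", port: int = 8443) -> bool:
    """True if the connector serves the certificate with the expected fingerprint."""
    return same_fingerprint(expected, der_fingerprint(served_certificate(host, port)))


if __name__ == "__main__":
    # Usage: python check_connector_cert.py EXPECTED_SHA256_FINGERPRINT
    matched = connector_uses(sys.argv[1])
    print("match" if matched else "MISMATCH: a different certificate is being served")
    sys.exit(0 if matched else 1)
```

<p>A mismatch after restarting the connector usually means it is still reading the previous keystore or the new keystore was not unlocked.</p>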
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
