geronimo-scm mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Geronimo v3.0 > Administering certificates
Date Mon, 31 Jan 2011 05:57:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/4/_/styles/combined.css?spaceKey=GMOxDOC30&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Administering+certificates">Administering
certificates</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~maojia508">maojia</a>
    </h4>
        <br/>
                         <h4>Changes (10)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >!consoleKeystoreCreate.png! <br>
<br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">To
create a private key, click the keys on the keystore you just created and then click on *Create
Private Key*. Enter valid data in the appropriate field data. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">To
create a private key, click the keystore you just created and on the next page click *Create
Private Key*. Enter valid data in the appropriate field. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreCreateKey.png!
<br> <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">Click
on *Review Key Data* and then on *Generate Key*. You should now see the key you just generated
listed in the Keystore Configuration portlet. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">Click
*Review Key Data* and on the next page click *Generate Key*. You should now see the key you
just generated listed in the Keystore. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreContents.png!
<br> <br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">You
now</span> <span class="diff-added-words"style="background-color: #dfd;">Now you</span>
can use <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">that
certificate</span> <span class="diff-added-words"style="background-color: #dfd;">this
key</span> by configuring an HTTPS connector as described in <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">[http://cwiki.apache.org/GMOxDOC22/adding-new-listeners-for-the-web-containers.html].
Remember to make the certificate and keystore available by clicking on the &quot;lock&quot;.
For this example we have modified the existing TomcatWebSSLConnector, we specified the new
keystore and saved the configuration. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">[https://cwiki.apache.org/confluence/display/GMOxDOC30/Add+new+HTTPS+listener].
Remember to make the certificate and keystore available by clicking the &quot;lock&quot;
icon. For this example, you can modified the existing TomcatWebSSLConnector, specified the
new keystore and saved the configuration. <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
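            <tr><td>Review bot: the added sentence &quot;For this example, you can modified the existing TomcatWebSSLConnector, specified the new keystore and saved the configuration&quot; pairs &quot;can&quot; with past-tense verbs; it should read &quot;you can modify the existing TomcatWebSSLConnector, specify the new keystore, and save the configuration&quot;. The first sentence of this hunk also renames &quot;that certificate&quot; to &quot;this key&quot; while the following sentence still says &quot;make the certificate and keystore available&quot;, so settle on one term for the entry the reader unlocks.<br></td></tr>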
            <tr><td class="diff-changed-lines" >For this configuration to take
<span class="diff-changed-words">effect<span class="diff-added-chars"style="background-color:
#dfd;">,</span></span> you need to restart the connector. Click <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">on</span>
the *stop* link corresponding to the network listener you just updated, in this case TomcatWebSSLConnector,
and then click <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">on</span>
*start*. Now this connector is using the new keystore and certificate. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>!consoleKeystoreConnector.png!
<br> <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">If
you now point your browser to that particular port you should see the server is using the
certificate you created previously. For this example, as we are using the existing SSL connector,
we point the browser to: <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">If
you now point your browser to that particular port, you should see the server is using the
certificate you created. For this example, because you are using the existing SSL connector,
point your browser to: <br></td></tr>
            <tr><td class="diff-unchanged" > <br>https://localhost:8443/console
<br></td></tr>
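            <tr><td>Review bot: &quot;you should see the server is using the certificate you created&quot; in the added line does not tell the reader how to confirm that. Name what to compare in the browser's certificate view, for example the values entered when the key was generated or the certificate fingerprint, so that a connector still serving the previous keystore is not mistaken for success.<br></td></tr>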
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">

<p>This section is about how to administer certificates from the administration console.</p>

<p>To administer SSL certificates, open the <b>Keystore Configuration</b> portlet
by selecting <b>Keystore</b> on the <b>Console Navigation</b>
menu on the left side. From this portlet, you can either import an existing certificate or
create a new certificate request.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreConfig.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>The certificates in Geronimo are stored in a keystore located in <tt>&lt;geronimo_home&gt;\var\security\keystores\geronimo-default</tt>.</p>

<p>If you want to use a keystore other than the one provided by default, you
can create one by clicking <b>New Keystore</b>. You will be prompted for a keystore
name and a password; enter those values and click <b>Create Keystore</b>. For
this example, the keystore is named sample_keystore.</p>

<p>The keystore you just created does not yet contain any certificates or keys, as depicted
in the following figure. Also note that the keystore is locked by default, as shown by the closed
lock in the <b>Available</b> column. After you create the certificate, you will
need to click the lock to make that certificate available, and you will be prompted for
the passwords for the keystore and certificate.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreCreate.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>To create a private key, click the keystore you just created and on the next page
click <b>Create Private Key</b>. Enter valid data in the appropriate field.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreCreateKey.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>Click <b>Review Key Data</b> and on the next page click <b>Generate
Key</b>. You should now see the key you just generated listed in the Keystore.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeystoreContents.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>Now you can use this key by configuring an HTTPS connector as described in<br/>
<a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Add+new+HTTPS+listener"
class="external-link" rel="nofollow">https://cwiki.apache.org/confluence/display/GMOxDOC30/Add+new+HTTPS+listener</a>.
Remember to make the certificate and keystore available by clicking the "lock" icon. For this
example, you can modify the existing TomcatWebSSLConnector, specify the new keystore, and
save the configuration.</p>

<p>For this configuration to take effect, you need to restart the connector. Click the
<b>stop</b> link corresponding to the network listener you just updated, in this
case TomcatWebSSLConnector, and then click <b>start</b>. Now this connector is
using the new keystore and certificate.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleKeyStoreConnector.png?version=1&amp;modificationDate=1203601771000"
style="border: 0px solid black" /></span></p>

<p>If you now point your browser to that particular port, you should see the server
is using the certificate you created. For this example, because you are using the existing
SSL connector, point your browser to:</p>

<p><a href="https://localhost:8443/console" class="external-link" rel="nofollow">https://localhost:8443/console</a></p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/20645334/consoleCertificate.gif?version=1&amp;modificationDate=1203601903000"
style="border: 0px solid black" /></span></p>
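
<p>The browser check above can also be done from a shell by comparing the SHA-256 fingerprint of the keystore entry with the one the connector serves. This is an added example, not part of the Geronimo documentation: it assumes the keystore file can be read by the JDK <tt>keytool</tt>, that <tt>openssl</tt> is installed on the host, and that you pass the keystore path and the alias you chose in the console; the sample tool output in it is constructed.</p>

```shell
#!/bin/sh
# Added example: check that the HTTPS connector serves the key generated in the console.
# Assumes a JDK keytool that prints a "SHA256:" line and an openssl binary on the host.

# Constructed sample tool output (not from a real server), used for an offline run.
SAMPLE_FP='3A:7F:01:C2:9B:44:E0:5D:16:88:AB:CD:EF:10:23:45:67:89:0A:BC:DE:F1:12:34:56:78:9A:B0:C1:D2:E3:F4'
SAMPLE_KEYTOOL="Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: $SAMPLE_FP"
SAMPLE_OPENSSL="sha256 Fingerprint=$SAMPLE_FP"

# Normalise a fingerprint: drop colons, spaces and CRs, upper-case the hex digits.
norm() { tr -d ': \r' | tr 'a-f' 'A-F'; }

# First SHA-256 fingerprint in `keytool -list -v` output (the entry's own certificate).
keytool_fp() { sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | norm; }

# Fingerprint from `openssl x509 -noout -fingerprint -sha256` output; the label is
# "sha256 Fingerprint=" or "SHA256 Fingerprint=" depending on the OpenSSL version.
openssl_fp() { sed -n 's/^[A-Za-z0-9]* Fingerprint=//p' | head -n 1 | norm; }

# Return 0 when both values are the same 64-digit hex string, 1 when they differ,
# and 2 when either is empty or malformed (tool failed, connector down).
same_cert() {
    for fp in "$1" "$2"; do
        case "$fp" in ''|*[!0-9A-F]*) return 2 ;; esac
        [ "${#fp}" -eq 64 ] || return 2
    done
    [ "$1" = "$2" ]
}

# Live check on the Geronimo host. usage: check_connector KEYSTORE_FILE ALIAS [HOST:PORT]
# keytool prompts for the keystore password; ALIAS is the one entered in the console.
check_connector() {
    ks_fp=$(keytool -list -v -keystore "$1" -alias "$2" | keytool_fp)
    srv_fp=$(openssl s_client -connect "${3:-localhost:8443}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | openssl_fp)
    same_cert "$ks_fp" "$srv_fp"
}

if [ "$#" -ge 2 ]; then
    if check_connector "$@"; then echo "connector serves the keystore certificate"
    else echo "connector certificate differs or could not be read" >&2; exit 1; fi
fi
```

<p>Run it after restarting the connector; a mismatch usually means the connector is still configured with the previous keystore or was not restarted.</p>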
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
