geronimo-user mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: use https if I have already
Date Sat, 09 Feb 2008 00:06:24 GMT
Hello,

The domainname.key contains your private key.  You should never send that
file to anyone, not even to buy a certificate.  You would have sent
domainname.csr to buy your certificate from trustico.com.  You must have
received a file containing a certificate from trustico.com.  The file would
contain text like:
-----BEGIN CERTIFICATE-----
MIICQDCCAaugAwIBAgIBATALBgkqhkiG9w0BAQQwTjELMAkGA1UEAxMCb2sxCzAJBgNVBAsTAm9r
....
V1z4O70HYTLLHA==
-----END CERTIFICATE-----

Save that file as domainname.cer.  You will now need to create a keystore
file using the following command:
openssl pkcs12 -inkey domainname.key -in domainname.cer -export -out domainname.pkcs12

When the command asks for a password, please provide a password to secure your
private key and keystore.  Provide the same password each time it prompts.
Once the command completes, you will see a file domainname.pkcs12.  This is
a keystore containing both your private key and the certificate you received
from trustico.com.  This is a keystore of type PKCS12.  OpenSSL does not
support JKS keystores, which is the type required by Geronimo 2.0.x and older
versions.

Managing PKCS12 keystores is supported only in 2.1 of Geronimo.  However,
PKCS12 keystores can be used for configuring HTTPS in Geronimo Tomcat
distribution 2.0.x.  Copy domainname.pkcs12 to <geronimo_home>/var/security.
Once this is done, you can edit the HTTPS connector from the admin console to
use your keystore instead of geronimo-default.  The fields you will need to
modify are:
1. *keystoreFile : var/security/domainname.pkcs12
2. *keystorePass:  <the password you entered with openssl pkcs12... command>
3. keystoreType: PKCS12

Once this is done, stop and start the HTTPS connector.  Your server should
now be using your new certificate.

++Vamsi
On Jan 20, 2008 3:50 PM, alpha_one_x86 <alpha.super-one@laposte.net> wrote:

>
> I have generated my certificate and keyfile for apache 2.2 to do https by:
> openssl genrsa -out domainname.key 1024
> and
> openssl req -new -key domainname.key -out domainname.csr
> I have found the Keystores category. But I don't find how to import my
> domainname.key and my domainname.csr generated by the previous commands.
> Can you help me? Thank you.
> --
> View this message in context:
> http://www.nabble.com/use-https-if-I-have-already-tp14980201s134p14980201.html
> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>
>
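A pre-flight check for the PKCS12 export described in the reply above, added here as an example and not part of the original thread: it confirms that the certificate actually carries the public key of domainname.key before exporting, writes the keystore owner-readable only, and re-opens it with the password. The function names and the KEYSTORE_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# KEYSTORE_PASS is an assumed environment variable holding the keystore
# password, so it is not typed on the command line.

# Succeeds only when the certificate carries the public key of the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# build_keystore KEY CERT OUT: the same export as in the message, but it
# refuses a mismatched pair, creates the file owner-only, and re-opens it.
build_keystore() {
    if ! key_matches_cert "$1" "$2"; then
        echo "key/certificate unreadable or not a matching pair" >&2
        return 1
    fi
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
          -passout env:KEYSTORE_PASS ) || return 1
    # Reading it back checks the password and the integrity MAC.
    openssl pkcs12 -in "$3" -noout -passin env:KEYSTORE_PASS 2>/dev/null
}

# Demo on constructed, throwaway material (self-signed, not a purchased cert).
demo() {
    d=$(mktemp -d) || return 1
    KEYSTORE_PASS=constructed-demo-pass; export KEYSTORE_PASS
    openssl genrsa -out "$d/domainname.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/domainname.key" -subj "/CN=example.test" \
        -days 1 -out "$d/domainname.cer" 2>/dev/null
    build_keystore "$d/domainname.key" "$d/domainname.cer" \
        "$d/domainname.pkcs12" && echo "keystore written and verified"
    build_keystore "$d/other.key" "$d/domainname.cer" "$d/other.pkcs12" \
        || echo "mismatched key rejected"
    rm -rf "$d"
}

# Run the demo only when asked: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```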
