tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml
Date Fri, 08 Feb 2002 17:51:05 GMT
jfclere     02/02/08 09:51:05

  Modified:    webapps/tomcat-docs ssl-howto.xml
  Add How to install a certificate singed by a certificate authority.
  Submitted by:	pero,
  Revision  Changes    Path
  1.11      +48 -0     jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
  Index: ssl-howto.xml
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- ssl-howto.xml	12 Nov 2001 21:03:49 -0000	1.10
  +++ ssl-howto.xml	8 Feb 2002 17:51:05 -0000	1.11
  @@ -363,6 +363,54 @@
  +<section name="Installing a Certificate from a Certificate Authority">
  +<p>To obstain and install a Certificate from a Certificate Authority (like, 
  +or you should have read the previous section and then follow these instructions:</p>
  +<subsection name="Create a local Certificate Signing Request (CSR)">
  +<p>In order to obtain a Certificate from the Certificate Authority of your choice

  +you have to create a so called Certificate Signing Request (CSR). That CSR will be used

  +by the Certificate Authority to create a Certificate that will identify your website 
  +as "secure". To create a CSR follow these steps:</p>
  +<li>Create a local Certificate (as described in the previous section):
  +	<source>keytool -genkey -alias tomcat -keyalg RSA \
  +	-keystore &lt;your_keystore_filename&gt;</source>
  +	Note: In some cases you will have to enter the domain of your website (i.e. <code></code>)
  +	in the field "first- and lastname" in order to create a working Certificate. 
  +<li>The CSR is then created with:
  +	<source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
  +	-keystore &lt;your_keystore_filename&gt;</source>
  +<p>Now you have a file called <code>certreq.csr</code> that you can submit
to the Certificate Authority (look at the
  +documenation of the Certificate Authority website on how to do this). In return you get
a Certificate.</p>
  +<subsection name="Importing the Certificate">
  +<p>Now that you have your Certificate you can import it into you local keystore.

  +First of all you have to import a so called Chain Certificate or Root Certificate into
your keystore. 
  +After that you can procede with importing your Certificate.</p>
  +<li>Download a Chain Certificate from the Certificate Authority you obtained the
Certificate from.<br/>
  +	For go to:<br/>
  +	For go to:<br/>
  +	For go to:<br/>
  +<li>Import the Chain Certificate into you keystore
  +    <source>keytool -import -alias root -keystore &lt;your_keystore_filename&gt;
  +	-trustcacerts -file &lt;filename_of_the_chain_certificate&gt;</source>
  +<li>And finally import your new Certificate
  +	<source>keytool -import -alias tomcat -keystore &lt;your_keystore_filename&gt;
  +	-trustcacerts -file &lt;your_certificate_filename&gt;</source>
   <section name="Troubleshooting">
   <p>Here is a list of common problems that you may encounter when setting up

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message