tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jfcl...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml
Date Fri, 08 Feb 2002 17:51:05 GMT
jfclere     02/02/08 09:51:05

  Modified:    webapps/tomcat-docs ssl-howto.xml
  Log:
  Add How to install a certificate singed by a certificate authority.
  Submitted by:	pero, pero@antaramusic.de
  
  Revision  Changes    Path
  1.11      +48 -0     jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
  
  Index: ssl-howto.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- ssl-howto.xml	12 Nov 2001 21:03:49 -0000	1.10
  +++ ssl-howto.xml	8 Feb 2002 17:51:05 -0000	1.11
  @@ -363,6 +363,54 @@
   
   </section>
   
  +<section name="Installing a Certificate from a Certificate Authority">
  +<p>To obstain and install a Certificate from a Certificate Authority (like verisign.com,
thawte.com 
  +or trustcenter.de) you should have read the previous section and then follow these instructions:</p>
  +
  +<subsection name="Create a local Certificate Signing Request (CSR)">
  +<p>In order to obtain a Certificate from the Certificate Authority of your choice

  +you have to create a so called Certificate Signing Request (CSR). That CSR will be used

  +by the Certificate Authority to create a Certificate that will identify your website 
  +as "secure". To create a CSR follow these steps:</p>
  +<ul>
  +<li>Create a local Certificate (as described in the previous section):
  +	<source>keytool -genkey -alias tomcat -keyalg RSA \
  +	-keystore &lt;your_keystore_filename&gt;</source>
  +	Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>)
  +	in the field "first- and lastname" in order to create a working Certificate. 
  +</li>
  +<li>The CSR is then created with:
  +	<source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
  +	-keystore &lt;your_keystore_filename&gt;</source>
  +</li>
  +</ul>
  +<p>Now you have a file called <code>certreq.csr</code> that you can submit
to the Certificate Authority (look at the
  +documenation of the Certificate Authority website on how to do this). In return you get
a Certificate.</p>
  +</subsection>
  +
  +<subsection name="Importing the Certificate">
  +<p>Now that you have your Certificate you can import it into you local keystore.

  +First of all you have to import a so called Chain Certificate or Root Certificate into
your keystore. 
  +After that you can procede with importing your Certificate.</p>
  +
  +<ul>
  +<li>Download a Chain Certificate from the Certificate Authority you obtained the
Certificate from.<br/>
  +	For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html<br/>
  +	For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server<br/>
  +	For Thawte.com go to: http://www.thawte.com/certs/trustmap.html<br/>
  +</li>
  +<li>Import the Chain Certificate into you keystore
  +    <source>keytool -import -alias root -keystore &lt;your_keystore_filename&gt;
\
  +	-trustcacerts -file &lt;filename_of_the_chain_certificate&gt;</source>
  +</li>
  +<li>And finally import your new Certificate
  +	<source>keytool -import -alias tomcat -keystore &lt;your_keystore_filename&gt;
\
  +	-trustcacerts -file &lt;your_certificate_filename&gt;</source>
  +</li>
  +</ul>
  +</subsection>
  +</section>
  +
   <section name="Troubleshooting">
   
   <p>Here is a list of common problems that you may encounter when setting up
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message