From: "pero"
Subject: [PATCH] RETRY: Tomcat 4.0 Docs SSL-Howto
Date: Sat, 2 Feb 2002 01:13:14 +0100
List-Id: "Tomcat Developers List"

Hi there,

I posted this patch a while ago. No one applied it, so I'm wondering if it is too bad or if you are too busy (somehow I hope the last thing :)

I did a new "diff" against the latest version (see attachment).

Any comments are welcome!

cheers
pero

-----Original Message-----
From: pero [mailto:pero@antaramusic.de]
Sent: Saturday, December 15, 2001 1:48 AM
To: Tomcat Developers List
Subject: [PATCH] Tomcat 4.0 Docs SSL-Howto

Hi,

last summer I posted a step-by-step instruction on how to install a certificate from a certificate authority (such as verisign, thawte...) to both tomcat-4 lists. Until now I got several (partly private) responses regarding this issue and there are questions dealing with that topic on the mailing list, too.

So I decided to contribute my documentation and put it into the ssl-howto.xml found in the webapps/tomcat-docs directory. I hope this patch helps some people out of this partly weird procedure of installing a trusted certificate.

I appended a "diff -u", which I thought is the standard format you use here (you see, it's my first patch :). I tried to follow all kinds of guidelines I could figure out, but if something's wrong - let me know!

If there are any further questions or comments - just hit "reply"...

cheers,
pero

Content-Type: application/octet-stream; name="ssl-howto.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="ssl-howto.diff"

RCS file: = /home/cvspublic/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v=0A= retrieving revision 1.10=0A= diff -u -r1.10 ssl-howto.xml=0A= --- ssl-howto.xml 12 Nov 2001 21:03:49 -0000 1.10=0A= +++ ssl-howto.xml 2 Feb 2002 00:07:17 -0000=0A= @@ -363,6 +363,54 @@=0A= =0A= =0A= =0A= +
=0A= +

To obstain and install a Certificate from a Certificate Authority = (like verisign.com, thawte.com =0A= +or trustcenter.de) you should have read the previous section and then = follow these instructions:

=0A= +=0A= +=0A= +

In order to obtain a Certificate from the Certificate Authority of = your choice =0A= +you have to create a so called Certificate Signing Request (CSR). That = CSR will be used =0A= +by the Certificate Authority to create a Certificate that will identify = your website =0A= +as "secure". To create a CSR follow these steps:

=0A= +
    =0A= +
  • Create a local Certificate (as described in the previous section):=0A= + keytool -genkey -alias tomcat -keyalg RSA \=0A= + -keystore <your_keystore_filename>=0A= + Note: In some cases you will have to enter the domain of your website = (i.e. www.myside.org)=0A= + in the field "first- and lastname" in order to create a working = Certificate. =0A= +
  • =0A= +
  • The CSR is then created with:=0A= + keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \=0A= + -keystore <your_keystore_filename>=0A= +
  • =0A= +
=0A= +

Now you have a file called certreq.csr that you can = submit to the Certificate Authority (look at the=0A= +documenation of the Certificate Authority website on how to do this). = In return you get a Certificate.

=0A= +
=0A= +=0A= +=0A= +

Now that you have your Certificate you can import it into you local = keystore. =0A= +First of all you have to import a so called Chain Certificate or Root = Certificate into your keystore. =0A= +After that you can procede with importing your Certificate.

=0A= +=0A= +
    =0A= +
  • Download a Chain Certificate from the Certificate Authority you = obtained the Certificate from.
    =0A= + For Verisign.com go to: = http://www.verisign.com/support/install/intermediate.html
    =0A= + For Trustcenter.de go to: = http://www.trustcenter.de/certservices/cacerts/en/en.htm#server
    =0A= + For Thawte.com go to: http://www.thawte.com/certs/trustmap.html
    =0A= +
  • =0A= +
  • Import the Chain Certificate into you keystore=0A= + keytool -import -alias root -keystore = <your_keystore_filename> \=0A= + -trustcacerts -file <filename_of_the_chain_certificate>=0A= +
  • =0A= +
  • And finally import your new Certificate=0A= + keytool -import -alias tomcat -keystore = <your_keystore_filename> \=0A= + -trustcacerts -file <your_certificate_filename>=0A= +
  • =0A= +
=0A= +
=0A= +
=0A= +=0A=
=0A= =0A=

Here is a list of common problems that you may encounter when = setting up=0A=
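
Review bot: In the import section, the chain certificate is fetched from plain http:// pages and then added as a trust anchor with `keytool -import -alias root ... -trustcacerts`, but the text never tells the reader to verify it. Suggest adding a sentence asking the reader to compare the fingerprint keytool displays before its trust prompt with the fingerprint the Certificate Authority publishes. In the CSR section, the note that "in some cases" the domain goes into the "first- and lastname" field is too vague: that field becomes the certificate's common name, so the text should say it has to be the host name clients will connect to. The sentence saying the Certificate will identify the website as "secure" would be more accurate if it said the Certificate binds the site's host name to its key. The added text also has typos to fix before commit: "obstain", "documenation", "procede", and "you local keystore" / "you keystore" for "your".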