tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "charles doweary" <>
Subject IIS 6.0, SSL, and Tomcat 5.0 set up problem.
Date Fri, 12 Nov 2004 19:10:31 GMT
I am running IIS 6.0 with Tomcat 5.0 on Windows Server 2003, and I am having 
a problem getting SSL to work.  The following instructions are a portion of 
the article titled "TOMCAT and SSL", and I have a questions about  "Do: 
keytool -genkey -alias tomcat -keyalg RSA".

Where is this command typed into the system?
Where do I key this information into the system?
Are the commands entered in DOS?

I have JSSE installed and the 3 jar files are in place in my CLASSPATH and 

IIS has a wizard that I use to create certificates and it does not permit me 
to enter the keytool parameters.

I guess my next questions are:
How do I created a certificate in my environment without using the wizard?
Have the steps changed to get SSL to work in version 6.0 of IIS and version 
5.0.28 of Tomcat?
And if so, what steps do I now need to take to set this up properly?

Your help in my setup issue is greatly apprieciated.


Generate a SSL certificate (RSA) for tomcat

I succeed (at least) with my IBM JDK 1.3 after:

jsse jars MUST BE IN BOTH CLASSPATH and $JAVA_HOME/jre/lib/ext (JAVA > 1.2)
from server.xml doc.You _need_ to set up a server certificate if you want 
this to work, and you need JSSE.
Edit $JAVA_HOME/jre/lib/security/
Do: keytool -genkey -alias tomcat -keyalg RSA
RSA is essential to work with Netscape and IIS. Use "changeit" as password 
(or add keypass attribute). You don't need to sign the certificate. You can 
set parameter keystore and keypass if you want to change the default 
($HOME/.keystore with changeit)
I suggest you install jcert.jar, jnet.jar and jsse.jar in 
$JAVA_HOME/jre/lib/ext and then add them to your CLASSPATH export

export CLASSPATH=$JAVA_HOME/jre/lib/ext/jnet.jar:$CLASSPATH
export CLASSPATH=$JAVA_HOME/jre/lib/ext/jsse.jar:$CLASSPATH

You could also copy the 3 jars into $TOMCAT_HOME/lib/ so they are under the 
existing CLASSPATH at tomcat startup (

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message