tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t.riteshme...@iflexsolutions.com
Subject RE: SSL certificate help!
Date Tue, 07 May 2002 09:33:30 GMT
Hi Raj,

thanks for your detailed mail which was very helpful. I had followed the
same.,
but i had another question. The certificate from verisign has been placed
as instructed , but how do i enable the client i.e browser in my case for
the
same . does anything specific has to be done?

prior to doing this, i was using a self-signed certificate, which the
browser still
reads. how to make the browser know abt the verisign cert? hope u got
the point. 
thanx in advance....

Ritesh

-----Original Message-----
From: Raja Sekhar [mailto:alekya_raj1@eudoramail.com]
Sent: Monday, May 06, 2002 5:30 PM
To: Tomcat Users List
Subject: Re: SSL certificate help!


Hi,

Follow these steps to configure your digital id

1. generate a local certificate:
   keytool -genkey -alias tomcat -keyalg RSA -keystore <myfile> where
<myfile> is the name of the desired keystore-file

2. generate the CSR (you need it to request your (demo)certificate)
   keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem
-keystore
<myfile>
   now you have a file called "certreq.pem". Send this to your
trustcenter.

Note : You can skip steps 1 & 2 becoz u said, u already got a verisign
certificate. But make sure that u have done these steps only to send your
demo cert. to verisign.

3. Goto verisign & download TrustedCA Root Certificate which they give for
the browser. The downloaded file name would be getcacert. Now use the
following command to import that into trust store

keytool -import -alias root -keystore <myfile> -trustcacerts -file
<root-cert-file>

4. Now import your verisign certificate with this command

keytool -import -alias tomcat -keystore <myfile> -trustcacerts -file
<received-cert-file>

With the above 4 steps, u r ready with your keystore. Now goto server.xml &
search for "        <Http10Connector  port="8443" secure="true" />"

Uncomment the above line & add the following changes

 <Http10Connector  port="8443" secure="true" 
  keystoreFile = "path of your keystore"
  keypass = "if u give anything other than changeit"
  socketFactory = "org.apache.tomcat.net.SSLSocketFactory"
/>

I think this should solve your problem. All the best.

Regards,

..Raj
--

On Mon, 6 May 2002 15:57:03    t.riteshmenon wrote:
>Hello all,
>
>I have got a  Trial SSL Server Digital ID from Verisign . I would like to
>know how to configure it with tomcat(3.2.1) . i'm trying to enable ssl
>with tomcat. 
>any help in this regard would be most welcome.
>
>thanks in advance
>Ritesh
>---------------------------------------------------------------------------
-
>This message contains privileged and confidential information and is
>intended only for the individual named.If you are not the intended
recipient
>you should not disseminate,distribute,store,print, copy or deliver this
>message.Please notify the sender immediately by e-mail if you have received
>this e-mail by mistake and delete this e-mail from your system.E-mail
>transmission cannot be guaranteed to be secure or error-free as information
>could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or
>contain viruses.The sender therefore does not accept liability for any
>errors or omissions in the contents of this message which arise as a result
>of e-mail transmission. If verification is required please request a
>hard-copy version.
>---------------------------------------------------------------------------
-
>
>--
>To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
>Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>


Join 18 million Eudora users by signing up for a free Eudora Web-Mail
account at http://www.eudoramail.com

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
----------------------------------------------------------------------------
This message contains privileged and confidential information and is
intended only for the individual named.If you are not the intended recipient
you should not disseminate,distribute,store,print, copy or deliver this
message.Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.E-mail
transmission cannot be guaranteed to be secure or error-free as information
could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or
contain viruses.The sender therefore does not accept liability for any
errors or omissions in the contents of this message which arise as a result
of e-mail transmission. If verification is required please request a
hard-copy version.
----------------------------------------------------------------------------

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message