tomcat-users mailing list archives

From Jin H <h_j...@hotmail.com>
Subject Need help with SSL Certificate install on Tomcat 6.0.29 APR.
Date Tue, 19 Apr 2011 21:54:03 GMT

Hi.  We are a school running Tomcat 6.0.29 for Windows Server 2003 with APR.  I currently
have an SSL certificate installed.  I'm trying to update it with the renewed SSL certificate
but I'm having no luck.

Here are the commands I used to create the CSR.

In the jdk1.6.0_17\bin folder I used this command:

keytool -certreq -keyalg RSA -alias alias2011 -file cert.csr -keystore key2011.key -keysize 2048

It then asks for a password which I enter.

I generated the CSR and sent it to my SSL vendor.  They e-mailed my SSL certificate back to
me.
But they told me that I had to install 2 intermediate certificate files.
I downloaded the primary.crt and secondary.crt files from them.

I then ran this command to import the primary.crt

keytool -import -trustcacerts -alias primary -keystore key2011.key -file primary.crt

Then the secondary.crt

keytool -import -trustcacerts -alias secondary -keystore key2011.key -file secondary.crt

Finally the SSL certificate they e-mailed back.

keytool -import -trustcacerts -alias alias2011 -keystore key2011.key -file 2011.crt

After this I copy the key2011.key and 2011.crt to the root of tomcat.

I edited server.xml to this:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.home}/2011.crt"            
               SSLCertificateKeyFile="${catalina.home}/key2011.key"
               keystorePass="somethingkey"
               keyalias="alias2011" 
               SSLPassword="somethingkey"/>

I didn't know the difference between SSLPassword and keystorePass so I put both in there.
I never put a password for my previous SSL certificate and it worked so I'm confused why I
have to put one in now.

BTW here is the current server.xml that works with the about to expire SSL certificate.

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.home}/hostname.crt"            
               SSLCertificateKeyFile="${catalina.home}/hostname.key" />



Please help.  Thanks in advance.
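
Added example (not part of the original message and not Tomcat code): a pre-restart check for the APR connector configuration quoted above. It relies on two facts: keytool writes a Java keystore, while the APR connector's SSLCertificateFile and SSLCertificateKeyFile are read by OpenSSL as PEM files. The function names and the sample file bytes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keystore attributes belong to the JSSE connector; APR/OpenSSL is configured via SSL* attributes.
JSSE_ONLY = {"keystorefile", "keystorepass", "keystoretype", "keyalias"}

def classify(data: bytes) -> str:
    """Identify a key or certificate container from its leading bytes."""
    if data[:4] == b"\xfe\xed\xfe\xed":          # JKS magic number
        return "jks-keystore"
    if data[:4] == b"\xce\xce\xce\xce":          # JCEKS magic number
        return "jceks-keystore"
    text = data.lstrip()
    end = text.find(b"-----", 11)
    if text.startswith(b"-----BEGIN ") and end != -1:
        label = text[11:end].decode("ascii", "replace")
        if label.endswith("PRIVATE KEY"):
            enc = label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in text
            return "pem-encrypted-private-key" if enc else "pem-private-key"
        return "pem-" + label.lower().replace(" ", "-")
    if data[:1] == b"\x30":                      # ASN.1 SEQUENCE: raw DER or PKCS#12
        return "der-or-pkcs12"
    return "unknown"

def audit_apr_connector(connector_xml: str, files: dict) -> list:
    """Findings for one APR <Connector>; files maps configured path -> file bytes."""
    attrs = ET.fromstring(connector_xml).attrib
    findings = [f"{n}: JSSE keystore attribute on an APR connector"
                for n in attrs if n.lower() in JSSE_ONLY]
    key = classify(files.get(attrs.get("SSLCertificateKeyFile", ""), b""))
    if "private-key" not in key:
        findings.append(f"SSLCertificateKeyFile is {key}, expected a PEM private key")
    elif key == "pem-encrypted-private-key" and "SSLPassword" not in attrs:
        findings.append("key is encrypted and no SSLPassword is set")
    cert = classify(files.get(attrs.get("SSLCertificateFile", ""), b""))
    if cert != "pem-certificate":
        findings.append(f"SSLCertificateFile is {cert}, expected a PEM certificate")
    return findings

# The SSL attributes of the connector from the message; file contents are constructed.
CONNECTOR_2011 = """<Connector port="8443" SSLEnabled="true"
    SSLCertificateFile="${catalina.home}/2011.crt"
    SSLCertificateKeyFile="${catalina.home}/key2011.key"
    keystorePass="somethingkey" keyalias="alias2011" SSLPassword="somethingkey"/>"""
SAMPLE_FILES = {  # constructed: a JKS header as keytool writes it, and a PEM certificate stub
    "${catalina.home}/key2011.key": b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
    "${catalina.home}/2011.crt": b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for finding in audit_apr_connector(CONNECTOR_2011, SAMPLE_FILES):
        print(finding)
```

To run it against real files, read each configured file in binary mode and pass the bytes in the files mapping keyed by the attribute value.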
 		 	   		  