tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Victoria Johnson - Kio <>
Subject Re: Generating a Keystore
Date Wed, 18 Apr 2012 16:07:45 GMT
Hello James,

Thanks for the info below, much appreciated

On Tue, Apr 17, 2012 at 9:31 PM, James Lampert <>wrote:

> Victoria Johnson - Kio wrote:
>  > The text on Apache is really confusing me about setting up SSL on
> Tomcat,
>> what do I do with this command
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
> Well, first you need to be sure you're NOT running this on an AS/400. For
> some reason, Keytool is broken under OS/400.
> At any rate, you need to find out where Java is on the computer you're
> using, and put it into your executable path.
> Then you call the Keytool command:
> keytool -genkey -keystore <whatever you want to call your keystore> -alias
> <whatever alias you wish to use> -keyalg RSA [-keysize <keylength>]
> or for a more concrete example,
> -genkey -keystore foo.ks -alias bar -keyalg RSA -keysize 2048
> You will be prompted for a password; the default for Tomcat is "changeit";
> you should probably give it this password unless you have a reason to do
> otherwise.
> You will be prompted for a "first and last name." DON'T give it that. Give
> it the URL of your website, e.g., "" so that people don't
> get "certificate is for the wrong domain" warnings in their browsers.
> You will be prompted for the particulars of who you are and where you are.
> These are important if you plan on having it signed by a CA, so that people
> don't get "self-signed certificate" warnings in their browsers.
> Once you have a keystore, you can hook it to your Tomcat server by editing
> the server.xml file.
> --
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**<>
> For additional commands, e-mail:

Victoria Captain Johnson-Kio
Here's my professional profile
Personal Impact <> on Twitter, and some
fun <> things I do at facebook

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message