Import trusted SSL Cert

Kishore Thakur

13 Jan, 2011 03:11 PM

Can you guys give us step-by-step instructions on requesting a CSR for a commercial cert for the Cascade stage server, and importing the commercial cert into Tomcat for SSL usage? Do we have to use the "changeit" password with the CSR?

We have used the following SSL commands from the KB and created a self-signed cert. However, we are planning to use a trusted SSL cert for the server.

* Shut down Cascade Server
* Create a keystore (from http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html):
* Execute the following command:

       Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

       Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
      o For the password, enter “changeit”

  (Windows: the .keystore file can typically be found in the Documents and Settings folder under the user's sub folder; eg, C:\Documents and Settings\Administrator)
  (Linux: the .keystore file can typically be found in the home directory of the user who created it; eg, /home/user)
* Edit the file server.xml (found in \tomcat\conf)

  - Uncomment the area for SSL/TLS Connector configuration

  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
     <Connector port="8443" maxHttpHeaderSize="8192"
          maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS" />
* Add the keystoreFile and keystorePass attributes to the <Connector> element and specify the location of the keystore along with the password:

      <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
         <Connector port="8443" maxHttpHeaderSize="8192"
          maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" scheme="https" secure="true"
          clientAuth="false" sslProtocol="TLS"
          keystoreFile="/path/to/keystore"
          keystorePass="somePassword" />

* Start Cascade Server – it should now be accessible through https://{host}:8443

NOTE: If both the HTTP/1.1 Connector and the SSL/TLS Connector sections are left uncommented, users will still be able to access the site through port 8080. This can be changed by:

Commenting out the HTTP/1.1 Connector section in 'server.xml'

        OR

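Forcing Tomcat over SSL. To do this, enter the following code into 'web.xml', just before the closing </web-app> element (web.xml is located in \tomcat\conf):

      <!-- Force SSL for entire site -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Cascade Server</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
      </security-constraint>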

Thanks !

  1. Posted by Joel on 20 Oct, 2011 08:12 PM

    Hi,

    To use a trusted certificate, please follow the directions in the link below.

    http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Installing_a...

    You do not have to use "changeit" for the password for the CSR, nor the keystore. The keystore password just has to be supplied to Tomcat within server.xml in the "keystorePass" field.

    Thanks!

  2. Joel closed this discussion on 25 Oct, 2011 02:05 PM.
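
A check for the server.xml settings discussed in this thread, as an added example that is not part of the original posts or of Cascade Server: it flags a TLS Connector that relies on the default keystore location or the "changeit" password, and a plain HTTP Connector left enabled. The sample server.xml is constructed, the function names are hypothetical, and treating scheme="https" as the TLS marker is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the Connector shown in the thread: no
# keystoreFile/keystorePass, and the plain HTTP connector is still enabled.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" redirectPort="8443" />
    <Connector port="8443" maxHttpHeaderSize="8192"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

DEFAULT_PASS = "changeit"  # Tomcat's default when keystorePass is omitted


def is_tls(conn):
    """Heuristic: treat a Connector as TLS if scheme="https" or SSLEnabled="true"."""
    return (conn.get("scheme", "").lower() == "https"
            or conn.get("SSLEnabled", "").lower() == "true")


def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for the Connectors in server.xml."""
    findings = []
    root = ET.fromstring(server_xml)  # commented-out Connectors are dropped by the parser
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").upper().startswith("AJP"):
            continue  # AJP connectors are outside the scope of this check
        if not is_tls(conn):
            findings.append((port, "plain HTTP connector still enabled"))
            continue
        if conn.get("keystoreFile") is None:
            findings.append((port, "no keystoreFile: falls back to .keystore in the Tomcat user's home"))
        if conn.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append((port, "keystorePass is the default 'changeit'"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```
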
