Import trusted SSL Cert
Can you guys give us step-by-step instructions on requesting a CSR for a commercial cert for the Cascade stage server, and importing the commercial cert into Tomcat for SSL usage? Do we have to use the "changeit" password with the CSR?
We have used the following SSL commands from the KB and created a self-signed cert. However, we are planning to use a trusted SSL cert for the server.
* Shut down Cascade Server
* Create a keystore (from http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html):
* Execute the following command:
Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
o For the password, enter “changeit”
(Windows: the .keystore file can typically be found in the Documents and Settings folder under the user's sub folder; eg, C:\Documents and Settings\Administrator)
(Linux: the .keystore file can typically be found in the home directory of the user who created it; eg, /home/user)
* Edit the file server.xml (found in \tomcat\conf)
- Uncomment the area for SSL/TLS Connector configuration
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
* Add the keystoreFile and keystorePass attributes to the <Connector> element and specify the location of the keystore along with the password:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/path/to/keystore"
keystorePass="somePassword" />
* Start Cascade Server – it should now be accessible through https://{host}:8443
NOTE: If both the HTTP/1.1 Connector and the SSL/TLS Connector sections are left uncommented, users will still be able to access the site through port 8080. This can be changed by:
Commenting out the HTTP/1.1 Connector section in 'server.xml'
OR
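Forcing Tomcat over SSL. To do this, enter the following code into 'web.xml', just before the closing </web-app> element (web.xml is located in \tomcat\conf):
<!-- Force SSL for entire site -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Cascade Server</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
Thanks!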
1 Posted by Joel on 20 Oct, 2011 08:12 PM
Hi,
To use a trusted certificate, please follow the directions within the link below.
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Installing_a...
You do not have to use "changeit" for the password for the CSR, nor the keystore. The keystore password just has to be supplied to Tomcat within server.xml in the "keystorePass" field.
Thanks!
Joel closed this discussion on 25 Oct, 2011 02:05 PM.
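The CSR request and import sequence asked about in this thread, as an added example that is not part of the original discussion or of the Cascade or Tomcat documentation. A locally created test CA stands in for the commercial CA so the flow runs offline; the hostname, file names and passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example (constructed): CSR round trip for the keystore alias "tomcat".
# The test CA below replaces the commercial CA; in production only steps 1, 2
# and 4 run locally, and server.crt/ca.crt come back from the CA.
KS_PASS='Constructed-Store-Pass-1'; CA_PASS='Constructed-CA-Pass-1'
export KS_PASS CA_PASS   # read via :env so passwords stay off the command line
kt() { keytool -J-Duser.language=en "$@"; }

csr_round_trip() {
    dir=$1; ks="$dir/tomcat.keystore"; ca="$dir/testca.keystore"

    # 1. Key pair in the keystore Tomcat will use (any password, not only "changeit")
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=stage.example.com, O=Example, C=US" \
       -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || return 1

    # 2. CSR from that same alias; this file is what is sent to the CA
    kt -certreq -alias tomcat -file "$dir/server.csr" \
       -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || return 1

    # 3. Stand-in for the CA: create a test root and sign the CSR with it
    kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -ext bc:c \
       -dname "CN=Constructed Test CA" \
       -keystore "$ca" -storepass:env CA_PASS -keypass:env CA_PASS || return 1
    kt -exportcert -alias ca -rfc -file "$dir/ca.crt" \
       -keystore "$ca" -storepass:env CA_PASS || return 1
    kt -gencert -alias ca -rfc -infile "$dir/server.csr" -outfile "$dir/server.crt" \
       -keystore "$ca" -storepass:env CA_PASS -keypass:env CA_PASS || return 1

    # 4. Import the CA certificate first, then the signed reply under the SAME alias
    kt -importcert -noprompt -trustcacerts -alias root -file "$dir/ca.crt" \
       -keystore "$ks" -storepass:env KS_PASS || return 1
    kt -importcert -noprompt -alias tomcat -file "$dir/server.crt" \
       -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || return 1
}

# Prints "PrivateKeyEntry 2" once the reply has replaced the self-signed certificate
entry_summary() {
    kt -list -v -alias tomcat -keystore "$1/tomcat.keystore" -storepass:env KS_PASS |
      awk -F': ' '/^Entry type/ {t=$2} /^Certificate chain length/ {n=$2} END {print t, n}'
}

# Run as: sh csr_demo.sh run
if [ "${1:-}" = "run" ]; then
    d=$(mktemp -d) && csr_round_trip "$d" && entry_summary "$d"
fi
```

The keystore path and password used in step 1 are the values that go into keystoreFile and keystorePass in server.xml. Importing the signed certificate under a different alias or into a different keystore than the one that produced the CSR leaves it without its private key.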