|
SSL certificate.
How to setup SSL certificates for tomcat? I have cert files. How to check which site is running on the tomcat ?
Thanks, |
Quote:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Quote:
|
The scenario is that I got directory which have 3 cert files + 1 DS_Store file(don't know abt ) . Now i have to import these certs on the tomcat server. Can you please help me on this. Do i need to create the keystore and csr file. Please suggest me so i can import these certificates in my running tomcat server.
Thanks, |
Quote:
|
Thanks for replying. After reading the document. I have done the following.
----Created Keystore-------- [root@localhost apache-tomcat-6.0.36]# $JAVA_HOME/bin/keytool -genkey -alias TESTING_KEYSTORE -keyalg RSA -keystore /opt/apache-tomcat-6.0.36/keystore_testing Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Mohit Vadhera What is the name of your organizational unit? [Unknown]: Test_company What is the name of your organization? [Unknown]: Test_company_unit What is the name of your City or Locality? [Unknown]: ^C[root@localhost apache-tomcat-6.0.36]# $JAVA_HOME/bin/keytool -genkey -alias TESTING_KEYSTORE -keyalg RSA -keystore /opt/apache-tomcat-6.0.36/keystore_testing Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Mohit Vadhera What is the name of your organizational unit? [Unknown]: Test_company What is the name of your organization? [Unknown]: Test_company_unit What is the name of your City or Locality? [Unknown]: Delhi What is the name of your State or Province? [Unknown]: Delhi What is the two-letter country code for this unit? [Unknown]: in Is CN=Mohit Vadhera, OU="Test_company ", O=Test_company_unit, L=Delhi, ST=Delhi, C=in correct? [no]: yes Enter key password for <TESTING_KEYSTORE> (RETURN if same as keystore password): [root@localhost tmp]# keytool -import -alias root -keystore /opt/apache-tomcat-6.0.36/keystore_testing -trustcacerts -file /path_to_cert_file [root@localhost tmp]# keytool -import -alias opera -keystore /opt/apache-tomcat-6.0.36/keystore_testing -file /path_to_cert_file ADded connector information in server.xml and restarted tomcat <Connector port="8443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/apache-tomcat-6.0.36/keystore_testing" keystorePass="TESTING_KEYSTORE" clientAuth="false" keyAlias="TESTING_KEYSTORE" sslProtocol="TLS"/> But when I access the url:https://$ip:8443 . I get the certification information on browser that i used to create CSR not for the domain and the expiry date shows 3 months from today. but the actual expiry date of the certs are in 2016 after 3 yrs. Can you please help me now. Thanks, |
Quote:
You created brand new certificates, rather than just importing the ones you had. Unless you pay attention to the steps of the instructions and what they do, things won't work right. Go back, re-read (and pay attention to), the instructions. All you have to do is import your certificates. |
As per my understanding Keystore is a file that keeps your certificate encrypted so keystore is mandatory. I created keystore then imported certificates. Please correct me if i am wrong.
|
Can anybody help on this plz ?
|
Quote:
Since you're in such a hurry, I will AGAIN suggest you read/understand the instructions you have been given. You're not following them. Also, you still haven't said which version/distro of Linux you're using. And where did you get the certificates/csr's to start with? Are they self-generated or purchased? There are different instructions for installing a purchased one versus a self-generated. |
| All times are GMT -5. The time now is 11:19 PM. |