LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SSL certificate. (https://www.linuxquestions.org/questions/linux-newbie-8/ssl-certificate-4175456823/)

project.linux.proj 04-04-2013 06:06 AM

SSL certificate.
 
How to setup SSL certificates for tomcat? I have cert files. How to check which site is running on the tomcat ?

Thanks,

TB0ne 04-04-2013 09:19 AM

Quote:

Originally Posted by project.linux.proj (Post 4924901)
How to setup SSL certificates for tomcat? I have cert files.

Amazingly, putting "how to setup ssl certificates for tomcat" into Google pulls up this, as the very first hit:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
Quote:

How to check which site is running on the tomcat?
If you're the server administrator, didn't you set up the sites??? You can either look at the entries in server.xml, or point your browser to http://localhost:8080/manager/html/list

project.linux.proj 04-19-2013 01:55 PM

The scenario is that I got directory which have 3 cert files + 1 DS_Store file(don't know abt ) . Now i have to import these certs on the tomcat server. Can you please help me on this. Do i need to create the keystore and csr file. Please suggest me so i can import these certificates in my running tomcat server.

Thanks,

TB0ne 04-19-2013 07:58 PM

Quote:

Originally Posted by project.linux.proj (Post 4934867)
The scenario is that I got directory which have 3 cert files + 1 DS_Store file(don't know abt ) . Now i have to import these certs on the tomcat server. Can you please help me on this. Do i need to create the keystore and csr file. Please suggest me so i can import these certificates in my running tomcat server.

Thanks,

I gave you a link to instructions on how to do it. So, READ the instructions, then FOLLOW the instructions.

project.linux.proj 04-20-2013 11:38 AM

Thanks for replying. After reading the document. I have done the following.

----Created Keystore--------
[root@localhost apache-tomcat-6.0.36]# $JAVA_HOME/bin/keytool -genkey -alias TESTING_KEYSTORE -keyalg RSA -keystore /opt/apache-tomcat-6.0.36/keystore_testing
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Mohit Vadhera
What is the name of your organizational unit?
[Unknown]: Test_company
What is the name of your organization?
[Unknown]: Test_company_unit
What is the name of your City or Locality?
[Unknown]: ^C[root@localhost apache-tomcat-6.0.36]# $JAVA_HOME/bin/keytool -genkey -alias TESTING_KEYSTORE -keyalg RSA -keystore /opt/apache-tomcat-6.0.36/keystore_testing
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Mohit Vadhera
What is the name of your organizational unit?
[Unknown]: Test_company
What is the name of your organization?
[Unknown]: Test_company_unit
What is the name of your City or Locality?
[Unknown]: Delhi
What is the name of your State or Province?
[Unknown]: Delhi
What is the two-letter country code for this unit?
[Unknown]: in
Is CN=Mohit Vadhera, OU="Test_company ", O=Test_company_unit, L=Delhi, ST=Delhi, C=in correct?
[no]: yes

Enter key password for <TESTING_KEYSTORE>
(RETURN if same as keystore password):


[root@localhost tmp]# keytool -import -alias root -keystore /opt/apache-tomcat-6.0.36/keystore_testing -trustcacerts -file /path_to_cert_file
[root@localhost tmp]# keytool -import -alias opera -keystore /opt/apache-tomcat-6.0.36/keystore_testing -file /path_to_cert_file

ADded connector information in server.xml and restarted tomcat

<Connector port="8443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/apache-tomcat-6.0.36/keystore_testing" keystorePass="TESTING_KEYSTORE" clientAuth="false" keyAlias="TESTING_KEYSTORE" sslProtocol="TLS"/>






But when I access the url:https://$ip:8443 . I get the certification information on browser that i used to create CSR not for the domain and the expiry date shows 3 months from today. but the actual expiry date of the certs are in 2016 after 3 yrs. Can you please help me now.


Thanks,

TB0ne 04-20-2013 02:06 PM

Quote:

Originally Posted by project.linux.proj (Post 4935374)
Thanks for replying. After reading the document. I have done the following.

But when I access the url:https://$ip:8443 . I get the certification information on browser that i used to create CSR not for the domain and the expiry date shows 3 months from today. but the actual expiry date of the certs are in 2016 after 3 yrs. Can you please help me now.

If you read the link provided, did you understand it???

You created brand new certificates, rather than just importing the ones you had. Unless you pay attention to the steps of the instructions and what they do, things won't work right. Go back, re-read (and pay attention to), the instructions. All you have to do is import your certificates.

project.linux.proj 04-22-2013 12:45 AM

As per my understanding Keystore is a file that keeps your certificate encrypted so keystore is mandatory. I created keystore then imported certificates. Please correct me if i am wrong.

project.linux.proj 04-23-2013 04:20 AM

Can anybody help on this plz ?

TB0ne 04-23-2013 08:59 AM

Quote:

Originally Posted by project.linux.proj (Post 4937053)
Can anybody help on this plz ?

Stop bumping your own threads, and spell out your words. You've done this is SEVERAL of your other threads....we volunteer our time here, so bumping your own thread trying to get more attention is fairly rude.

Since you're in such a hurry, I will AGAIN suggest you read/understand the instructions you have been given. You're not following them. Also, you still haven't said which version/distro of Linux you're using. And where did you get the certificates/csr's to start with? Are they self-generated or purchased? There are different instructions for installing a purchased one versus a self-generated.


All times are GMT -5. The time now is 02:10 AM.