You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/11/09 16:28:05 UTC

svn commit: r1637687 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/ssl-howto.xml

Author: kkolinko
Date: Sun Nov  9 15:28:04 2014
New Revision: 1637687

URL: http://svn.apache.org/r1637687
Log:
CTR: docs
Minor corrections:
- Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there).
I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters.
- Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character.

Merged r1637686 from tomcat/tc7.0.x/trunk.

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1637684
  Merged /tomcat/tc7.0.x/trunk:r1637686
  Merged /tomcat/tc8.0.x/trunk:r1637685

Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637687&r1=1637686&r2=1637687&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov  9 15:28:04 2014
@@ -50,19 +50,14 @@ these simple steps.  For more informatio
 <li>Create a keystore file to store the server&apos;s private key and
 self-signed certificate by executing the following command:
 <p>Windows:</p>
-<source>
-%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
-</source>
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA</source>
 <p>Unix:</p>
-<source>
-$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
-</source>
-<p></p>
-    and specify a password value of "changeit".</li><br/><br/>
-<li>Uncomment the "SSL HTTP/1.1 Connector" entry in
+<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA</source>
+
+<p>and specify a password value of "changeit".</p></li>
+<li><p>Uncomment the "SSL HTTP/1.1 Connector" entry in
     <code>$CATALINA_BASE/conf/server.xml</code> and modify as described in 
-    the <a href="#Configuration">Configuration section</a> below.</li>
-    <br/><br/>
+    the <a href="#Configuration">Configuration section</a> below.</p></li>
 </ol>
 
 
@@ -213,24 +208,19 @@ Note that OpenSSL often adds readable co
 they exist before importing the key using <code>keytool</code>.
 </p>
 <p>To import an existing certificate signed by your own CA into a PKCS12 
-keystore using OpenSSL you would execute a command like:
-<source>openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
-                        -out mycert.p12 -name tomcat -CAfile myCA.crt \
-                        -caname root -chain
-</source>
-For more advanced cases, consult the <a href="http://www.openssl.org/">OpenSSL
+keystore using OpenSSL you would execute a command like:</p>
+<source>openssl pkcs12 -export -in mycert.crt -inkey mykey.key
+                        -out mycert.p12 -name tomcat -CAfile myCA.crt
+                        -caname root -chain</source>
+<p>For more advanced cases, consult the <a href="http://www.openssl.org/">OpenSSL
 documentation</a>.
 </p>
 <p>To create a new keystore from scratch, containing a single self-signed
 Certificate, execute the following from a terminal command line:</p>
 <p>Windows:</p>
-<source>
-%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
-</source>
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA</source>
 <p>Unix:</p>
-<source>
-$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
-</source>
+<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA</source>
 
 <p>(The RSA algorithm should be preferred as a secure algorithm, and this
 also ensures general compatibility with other servers and components.)</p>
@@ -243,15 +233,11 @@ to the <code>keytool</code> command show
 reflect this new location in the <code>server.xml</code> configuration file,
 as described later.  For example:</p>
 <p>Windows:</p>
-<source>
-%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \
-  -keystore \path\to\my\keystore
-</source>
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
+  -keystore \path\to\my\keystore</source>
 <p>Unix:</p>
-<source>
-$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
-  -keystore /path/to/my/keystore
-</source>
+<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
+  -keystore /path/to/my/keystore</source>
 
 <p>After executing this command, you will first be prompted for the keystore
 password.  The default password used by Tomcat is "<code>changeit</code>"
@@ -401,9 +387,7 @@ numbers lower than 1024 on many operatin
 <p>After completing these configuration changes, you must restart Tomcat as
 you normally do, and you should be in business.  You should be able to access
 any web application supported by Tomcat via SSL.  For example, try:</p>
-<source>
-https://localhost:8443
-</source>
+<source>https://localhost:8443/</source>
 
 <p>and you should see the usual Tomcat splash page (unless you have modified
 the ROOT web application).  If this does not work, the following section
@@ -424,13 +408,13 @@ by the Certificate Authority to create a
 as "secure". To create a CSR follow these steps:</p>
 <ul>
 <li>Create a local Certificate (as described in the previous section):
-    <source>keytool -genkey -alias tomcat -keyalg RSA \
+    <source>keytool -genkey -alias tomcat -keyalg RSA
     -keystore &lt;your_keystore_filename&gt;</source>
     Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>)
     in the field "first- and lastname" in order to create a working Certificate. 
 </li>
 <li>The CSR is then created with:
-    <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
+    <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr
     -keystore &lt;your_keystore_filename&gt;</source>
 </li>
 </ul>
@@ -455,11 +439,11 @@ After that you can proceed with importin
             http://www.thawte.com/certs/trustmap.html<br/>
 </li>
 <li>Import the Chain Certificate into your keystore
-    <source>keytool -import -alias root -keystore &lt;your_keystore_filename&gt; \
+    <source>keytool -import -alias root -keystore &lt;your_keystore_filename&gt;
     -trustcacerts -file &lt;filename_of_the_chain_certificate&gt;</source>
 </li>
 <li>And finally import your new Certificate
-    <source>keytool -import -alias tomcat -keystore &lt;your_keystore_filename&gt; \
+    <source>keytool -import -alias tomcat -keystore &lt;your_keystore_filename&gt;
     -file &lt;your_certificate_filename&gt;</source>
 </li>
 </ul>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org