You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2002/02/08 18:51:05 UTC
cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml
jfclere 02/02/08 09:51:05
Modified: webapps/tomcat-docs ssl-howto.xml
Log:
Add How to install a certificate singed by a certificate authority.
Submitted by: pero, pero@antaramusic.de
Revision Changes Path
1.11 +48 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
Index: ssl-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ssl-howto.xml 12 Nov 2001 21:03:49 -0000 1.10
+++ ssl-howto.xml 8 Feb 2002 17:51:05 -0000 1.11
@@ -363,6 +363,54 @@
</section>
+<section name="Installing a Certificate from a Certificate Authority">
+<p>To obstain and install a Certificate from a Certificate Authority (like verisign.com, thawte.com
+or trustcenter.de) you should have read the previous section and then follow these instructions:</p>
+
+<subsection name="Create a local Certificate Signing Request (CSR)">
+<p>In order to obtain a Certificate from the Certificate Authority of your choice
+you have to create a so called Certificate Signing Request (CSR). That CSR will be used
+by the Certificate Authority to create a Certificate that will identify your website
+as "secure". To create a CSR follow these steps:</p>
+<ul>
+<li>Create a local Certificate (as described in the previous section):
+ <source>keytool -genkey -alias tomcat -keyalg RSA \
+ -keystore <your_keystore_filename></source>
+ Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>)
+ in the field "first- and lastname" in order to create a working Certificate.
+</li>
+<li>The CSR is then created with:
+ <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
+ -keystore <your_keystore_filename></source>
+</li>
+</ul>
+<p>Now you have a file called <code>certreq.csr</code> that you can submit to the Certificate Authority (look at the
+documenation of the Certificate Authority website on how to do this). In return you get a Certificate.</p>
+</subsection>
+
+<subsection name="Importing the Certificate">
+<p>Now that you have your Certificate you can import it into you local keystore.
+First of all you have to import a so called Chain Certificate or Root Certificate into your keystore.
+After that you can procede with importing your Certificate.</p>
+
+<ul>
+<li>Download a Chain Certificate from the Certificate Authority you obtained the Certificate from.<br/>
+ For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html<br/>
+ For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server<br/>
+ For Thawte.com go to: http://www.thawte.com/certs/trustmap.html<br/>
+</li>
+<li>Import the Chain Certificate into you keystore
+ <source>keytool -import -alias root -keystore <your_keystore_filename> \
+ -trustcacerts -file <filename_of_the_chain_certificate></source>
+</li>
+<li>And finally import your new Certificate
+ <source>keytool -import -alias tomcat -keystore <your_keystore_filename> \
+ -trustcacerts -file <your_certificate_filename></source>
+</li>
+</ul>
+</subsection>
+</section>
+
<section name="Troubleshooting">
<p>Here is a list of common problems that you may encounter when setting up
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>