You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by charles doweary <ch...@hotmail.com> on 2004/11/12 19:37:39 UTC
FW: IIS 6.0, SSL and Tomcat 5.0.28 set up problems.
>From: "charles doweary" <ch...@hotmail.com>
>To: tomcat-user-help@jakarta.apache.org
>CC: charlesdoweary@hotmail.com
>Subject: IIS 6.0, SSL and Tomcat 5.0.28 set up problems.
>Date: Fri, 12 Nov 2004 13:29:52 -0500
>
>Dear Sir,
>
>I am running IIS 6.0 with Tomcat 5.0.28 on Windows Server 2003, and I am
>having a problem getting SSL to work. The following instructions are a
>portion of the article titled "TOMCAT and SSL", and I have a questions
>about "Do: keytool -genkey -alias tomcat -keyalg RSA".
>
>Where is this command typed into the system?
>Where do I key this information into the system?
>Are the commands entered in DOS?
>
>I have JSSE installed and the 3 jar files are in place in my CLASSPATH and
>in JAVA_HOME.
>
>IIS has a wizard that I use to create certificates and it does not permit
>me to enter the keytool parameters.
>
>I guess my next questions are:
>How do I created a certificate in my environment without using the wizard?
>Have the steps changed to get SSL to work in version 6.0 of IIS and version
>5.0.28 of Tomcat?
>And if so, what steps do I now need to take to set this up properly?
>
>Your help in my setup issue is greatly apprieciated.
>
>
>DIRECT SSL
>
>Generate a SSL certificate (RSA) for tomcat
>
>I succeed (at least) with my IBM JDK 1.3 after:
>
>jsse jars MUST BE IN BOTH CLASSPATH and $JAVA_HOME/jre/lib/ext (JAVA > 1.2)
>from server.xml doc.You _need_ to set up a server certificate if you want
>this to work, and you need JSSE.
>Add JSSE jars to CLASSPATH
>Edit $JAVA_HOME/jre/lib/security/java.security
>Add: security.provider.2=com.sun.net.ssl.internal.ssl.Provider
>Do: keytool -genkey -alias tomcat -keyalg RSA
>RSA is essential to work with Netscape and IIS. Use "changeit" as password
>(or add keypass attribute). You don't need to sign the certificate. You can
>set parameter keystore and keypass if you want to change the default
>($HOME/.keystore with changeit)
>I suggest you install jcert.jar, jnet.jar and jsse.jar in
>$JAVA_HOME/jre/lib/ext and then add them to your CLASSPATH export
>
>
>CLASSPATH=$JAVA_HOME/jre/lib/ext/jcert.jar:$CLASSPATH
>export CLASSPATH=$JAVA_HOME/jre/lib/ext/jnet.jar:$CLASSPATH
>export CLASSPATH=$JAVA_HOME/jre/lib/ext/jsse.jar:$CLASSPATH
>
>You could also copy the 3 jars into $TOMCAT_HOME/lib/ so they are under the
>existing CLASSPATH at tomcat startup (tomcat.sh).
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org