You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/11/09 16:14:20 UTC
svn commit: r1637685 - in /tomcat/tc8.0.x/trunk: ./
webapps/docs/ssl-howto.xml
Author: kkolinko
Date: Sun Nov 9 15:14:20 2014
New Revision: 1637685
URL: http://svn.apache.org/r1637685
Log:
Minor corrections:
- Remove '\' at end-of-line when wrapping long lists of command arguments. Such character makes no sense on Windows ('^' is used there).
I think that readers should be wise enough to unwrap the lines, and unwrapping is easier when you do not have to delete stray '\' characters.
- Add double quotes to Windows command line samples, as %JAVA_HOME% is likely to contain a whitespace character.
Merged r1637684 from tomcat/trunk.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1637684
Modified: tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1637685&r1=1637684&r2=1637685&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/ssl-howto.xml Sun Nov 9 15:14:20 2014
@@ -48,7 +48,7 @@ these simple steps. For more informatio
<li><p>Create a keystore file to store the server's private key and
self-signed certificate by executing the following command:</p>
<p>Windows:</p>
-<source>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA</source>
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA</source>
<p>Unix:</p>
<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA</source>
@@ -208,16 +208,16 @@ they exist before importing the key usin
</p>
<p>To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:</p>
-<source>openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
- -out mycert.p12 -name tomcat -CAfile myCA.crt \
- -caname root -chain</source>
+<source>openssl pkcs12 -export -in mycert.crt -inkey mykey.key
+ -out mycert.p12 -name tomcat -CAfile myCA.crt
+ -caname root -chain</source>
<p>For more advanced cases, consult the <a href="http://www.openssl.org/">OpenSSL
documentation</a>.
</p>
<p>To create a new keystore from scratch, containing a single self-signed
Certificate, execute the following from a terminal command line:</p>
<p>Windows:</p>
-<source>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA</source>
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA</source>
<p>Unix:</p>
<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA</source>
@@ -232,10 +232,10 @@ to the <code>keytool</code> command show
reflect this new location in the <code>server.xml</code> configuration file,
as described later. For example:</p>
<p>Windows:</p>
-<source>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA \
+<source>"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
-keystore \path\to\my\keystore</source>
<p>Unix:</p>
-<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
+<source>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
-keystore /path/to/my/keystore</source>
<p>After executing this command, you will first be prompted for the keystore
@@ -374,7 +374,7 @@ numbers lower than 1024 on many operatin
<p>After completing these configuration changes, you must restart Tomcat as
you normally do, and you should be in business. You should be able to access
any web application supported by Tomcat via SSL. For example, try:</p>
-<source>https://localhost:8443</source>
+<source>https://localhost:8443/</source>
<p>and you should see the usual Tomcat splash page (unless you have modified
the ROOT web application). If this does not work, the following section
contains some troubleshooting tips.</p>
@@ -394,13 +394,13 @@ by the Certificate Authority to create a
as "secure". To create a CSR follow these steps:</p>
<ul>
<li>Create a local Certificate (as described in the previous section):
- <source>keytool -genkey -alias tomcat -keyalg RSA \
+ <source>keytool -genkey -alias tomcat -keyalg RSA
-keystore <your_keystore_filename></source>
Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>)
in the field "first- and lastname" in order to create a working Certificate.
</li>
<li>The CSR is then created with:
- <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
+ <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr
-keystore <your_keystore_filename></source>
</li>
</ul>
@@ -425,11 +425,11 @@ After that you can proceed with importin
http://www.thawte.com/certs/trustmap.html<br/>
</li>
<li>Import the Chain Certificate into your keystore
- <source>keytool -import -alias root -keystore <your_keystore_filename> \
+ <source>keytool -import -alias root -keystore <your_keystore_filename>
-trustcacerts -file <filename_of_the_chain_certificate></source>
</li>
<li>And finally import your new Certificate
- <source>keytool -import -alias tomcat -keystore <your_keystore_filename> \
+ <source>keytool -import -alias tomcat -keystore <your_keystore_filename>
-file <your_certificate_filename></source>
</li>
</ul>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org