jfclere 02/02/08 09:51:05
Modified: webapps/tomcat-docs ssl-howto.xml
Log: Add How to install a certificate signed by a certificate authority.
Submitted by: pero, [EMAIL PROTECTED]
Revision Changes Path
1.11 +48 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
Index: ssl-howto.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- ssl-howto.xml 12 Nov 2001 21:03:49 -0000 1.10 +++ ssl-howto.xml 8 Feb 2002 17:51:05 -0000 1.11
@@ -363,6 +363,54 @@ </section> +<section name="Installing a Certificate from a Certificate Authority"> +<p>To obstain and install a Certificate from a Certificate Authority (like verisign.com, thawte.com +or trustcenter.de) you should have read the previous section and then follow these instructions:</p> + +<subsection name="Create a local Certificate Signing Request (CSR)"> +<p>In order to obtain a Certificate from the Certificate Authority of your choice +you have to create a so called Certificate Signing Request (CSR). That CSR will be used +by the Certificate Authority to create a Certificate that will identify your website +as "secure". To create a CSR follow these steps:</p> +<ul> +<li>Create a local Certificate (as described in the previous section): + <source>keytool -genkey -alias tomcat -keyalg RSA \ + -keystore <your_keystore_filename></source> + Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>) + in the field "first- and lastname" in order to create a working Certificate. +</li> +<li>The CSR is then created with: + <source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ + -keystore <your_keystore_filename></source> +</li> +</ul> +<p>Now you have a file called <code>certreq.csr</code> that you can submit to the Certificate Authority (look at the +documenation of the Certificate Authority website on how to do this). In return you get a Certificate.</p> +</subsection> + +<subsection name="Importing the Certificate"> +<p>Now that you have your Certificate you can import it into you local keystore. +First of all you have to import a so called Chain Certificate or Root Certificate into your keystore. 
+After that you can procede with importing your Certificate.</p> + +<ul> +<li>Download a Chain Certificate from the Certificate Authority you obtained the Certificate from.<br/> + For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html<br/> + For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server<br/> + For Thawte.com go to: http://www.thawte.com/certs/trustmap.html<br/> +</li> +<li>Import the Chain Certificate into you keystore + <source>keytool -import -alias root -keystore <your_keystore_filename> \ + -trustcacerts -file <filename_of_the_chain_certificate></source> +</li> +<li>And finally import your new Certificate + <source>keytool -import -alias tomcat -keystore <your_keystore_filename> \ + -trustcacerts -file <your_certificate_filename></source> +</li> +</ul> +</subsection> +</section> + <section name="Troubleshooting"> <p>Here is a list of common problems that you may encounter when setting up
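Review bot: In the "Importing the Certificate" subsection, the Chain Certificate is downloaded from plain http:// URLs and then imported with -trustcacerts, with no step that checks what was downloaded before it becomes a trust anchor in the keystore. Add a sentence telling the reader to compare the fingerprint that keytool displays during the import with the fingerprint the Certificate Authority publishes, and to answer yes only if they match. In the CSR subsection, "In some cases you will have to enter the domain of your website" does not say which cases; since the value entered in that field becomes the name clients compare with the host they connected to, the note should state that plainly. The same subsection says the Certificate will identify the website as "secure", which overstates what a certificate does; it attests that the key belongs to the named site. The -genkey step also repeats the previous section, so it would help to say the CSR must be created from the same alias and keystore the signed Certificate is later imported into. Spelling to fix in the added text: "obstain", "documenation", "procede", and "you local keystore" / "you keystore".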