From: "charles doweary" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: IIS 6.0, SSL and Tomcat 5.0.28 set up problems.
Date: Fri, 12 Nov 2004 13:29:52 -0500
Dear Sir,
I am running IIS 6.0 with Tomcat 5.0.28 on Windows Server 2003, and I am
having a problem getting SSL to work. The following instructions are a
portion of the article titled "TOMCAT and SSL", and I have a questions
about "Do: keytool -genkey -alias tomcat -keyalg RSA".
Where is this command typed into the system?
Where do I key this information into the system?
Are the commands entered in DOS?
I have JSSE installed and the 3 jar files are in place in my CLASSPATH and
in JAVA_HOME.
IIS has a wizard that I use to create certificates and it does not permit
me to enter the keytool parameters.
I guess my next questions are:
How do I created a certificate in my environment without using the wizard?
Have the steps changed to get SSL to work in version 6.0 of IIS and version
5.0.28 of Tomcat?
And if so, what steps do I now need to take to set this up properly?
Your help in my setup issue is greatly apprieciated.
DIRECT SSL
Generate a SSL certificate (RSA) for tomcat
I succeed (at least) with my IBM JDK 1.3 after:
jsse jars MUST BE IN BOTH CLASSPATH and $JAVA_HOME/jre/lib/ext (JAVA > 1.2)
from server.xml doc.You _need_ to set up a server certificate if you want
this to work, and you need JSSE.
Add JSSE jars to CLASSPATH
Edit $JAVA_HOME/jre/lib/security/java.security
Add: security.provider.2=com.sun.net.ssl.internal.ssl.Provider
Do: keytool -genkey -alias tomcat -keyalg RSA
RSA is essential to work with Netscape and IIS. Use "changeit" as password
(or add keypass attribute). You don't need to sign the certificate. You can
set parameter keystore and keypass if you want to change the default
($HOME/.keystore with changeit)
I suggest you install jcert.jar, jnet.jar and jsse.jar in
$JAVA_HOME/jre/lib/ext and then add them to your CLASSPATH export
CLASSPATH=$JAVA_HOME/jre/lib/ext/jcert.jar:$CLASSPATH
export CLASSPATH=$JAVA_HOME/jre/lib/ext/jnet.jar:$CLASSPATH
export CLASSPATH=$JAVA_HOME/jre/lib/ext/jsse.jar:$CLASSPATH
You could also copy the 3 jars into $TOMCAT_HOME/lib/ so they are under the
existing CLASSPATH at tomcat startup (tomcat.sh).
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]