RCS file: /home/cvspublic/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
retrieving revision 1.10
diff -u -r1.10 ssl-howto.xml
--- ssl-howto.xml	12 Nov 2001 21:03:49 -0000	1.10
+++ ssl-howto.xml	2 Feb 2002 00:07:17 -0000
@@ -363,6 +363,54 @@
 
 </section>
 
+<section name="Installing a Certificate from a Certificate Authority">
+<p>To obstain and install a Certificate from a Certificate Authority (like verisign.com, thawte.com 
+or trustcenter.de) you should have read the previous section and then follow these instructions:</p>
+
+<subsection name="Create a local Certificate Signing Request (CSR)">
+<p>In order to obtain a Certificate from the Certificate Authority of your choice 
+you have to create a so called Certificate Signing Request (CSR). That CSR will be used 
+by the Certificate Authority to create a Certificate that will identify your website 
+as "secure". To create a CSR follow these steps:</p>
+<ul>
+<li>Create a local Certificate (as described in the previous section):
+	<source>keytool -genkey -alias tomcat -keyalg RSA \
+	-keystore &lt;your_keystore_filename&gt;</source>
+	Note: In some cases you will have to enter the domain of your website (i.e. <code>www.myside.org</code>)
+	in the field "first- and lastname" in order to create a working Certificate. 
+</li>
+<li>The CSR is then created with:
+	<source>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
+	-keystore &lt;your_keystore_filename&gt;</source>
+</li>
+</ul>
+<p>Now you have a file called <code>certreq.csr</code> that you can submit to the Certificate Authority (look at the
+documenation of the Certificate Authority website on how to do this). In return you get a Certificate.</p>
+</subsection>
+
+<subsection name="Importing the Certificate">
+<p>Now that you have your Certificate you can import it into you local keystore. 
+First of all you have to import a so called Chain Certificate or Root Certificate into your keystore. 
+After that you can procede with importing your Certificate.</p>
+
+<ul>
+<li>Download a Chain Certificate from the Certificate Authority you obtained the Certificate from.<br/>
+	For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html<br/>
+	For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server<br/>
+	For Thawte.com go to: http://www.thawte.com/certs/trustmap.html<br/>
+</li>
+<li>Import the Chain Certificate into you keystore
+    <source>keytool -import -alias root -keystore &lt;your_keystore_filename&gt; \
+	-trustcacerts -file &lt;filename_of_the_chain_certificate&gt;</source>
+</li>
+<li>And finally import your new Certificate
+	<source>keytool -import -alias tomcat -keystore &lt;your_keystore_filename&gt; \
+	-trustcacerts -file &lt;your_certificate_filename&gt;</source>
+</li>
+</ul>
+</subsection>
+</section>
+
 <section name="Troubleshooting">
 
 <p>Here is a list of common problems that you may encounter when setting up
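Review bot: In the "Importing the Certificate" subsection, the Chain/Root Certificate is fetched from plain http:// URLs and then imported as a trust anchor with -trustcacerts, but no step tells the reader to verify it. Please add a sentence asking them to compare the fingerprint that keytool displays during the import with the value the Certificate Authority publishes before they confirm. The note under the -genkey step could also say that the "first- and lastname" prompt becomes the certificate's common name, which is why the site's domain has to go there, and "i.e." in that note should be "e.g.". Spelling to fix before commit: "obstain" in the section intro, "documenation", "procede", and "into you local keystore" / "into you keystore" (should be "your").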

