For 5, import the CA cert to $JAVA_HOME/jre/lib/security/cacerts
Do 4 after 5.
If you do it right, you shouldn't see the prompt to trust the CA as it
is already in your list of trusted certs.
Also, check the server cert you get back is indeed what you expect.
Mark
Peter Betz wrote:
Hi,
I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.
I having been trying to register a signed certificate but have thus far
being unsuccessful.
It always comes out as a self-signed certificate. What am I doing wrong?
Details are as follows:
Here is what I have been doing:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logged in and performed commands as jboss user because the J2EE and Jakarta
Tomcat environment is run under jboss user.
1. Generate a private key with the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore
k-factor88.kdb
2. Generate the Certificate Signing Request (CSR)
$JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore k-factor88.kdb -file
k-factor88.csr
3. Generate the Server Certificate
Submit k-factor88.csr to root certification authority and save returned
certificate into k-factor88.cer
4. Import the Server Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
root -file k-factor88.cer
Note: Keytool confirms that the certificate has been signed by a
certification authority. I choose to trust it.
5. Import the Trust Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
jboss -file UTN.cer
Note: UTN.cer is the certification authority certificate and needs to be
imported.
server.xml
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.home.dir}/bin/certs/k-factor88.kdb"
keystorePass="changeit" sslProtocol = "TLS" />
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
