Hello Peter,

Forgive my ignorance (perhaps this is why people aren't finding this sort of information), but what exactly *IS* the CVS? And *WHERE* is it?

Thanks,
Glenn

At 10:34 PM 4/25/02 +0200, you wrote:
>Mhhh, there is an updated version of the ssl-howto in the
>CVS for MONTHS now, that describes the installation of official
>certs (like Verisign, Thawte, Trustcenter...) step by step.
>But it is *NOT* in TC 4.03 and it is not on the jakarta-webpage.
>
>I simply wonder why? People are dealing with this topic again
>and again... And I know how frustrating this can get... :-(
>
>Peter
>
> > -----Original Message-----
> > From: Dave North [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 25, 2002 8:33 PM
> > To: Tomcat Users List
> > Subject: RE: tomcat and SSL (keyfile password)
> >
> > OK, here's what I did (this was using a test Verisign cert but the
> > procedure is the same for a "real" production cert):
> >
> > STEP A - generate your private key
> >
> > Pre-req: JDK must be installed
> >
> > 1) cd to $JAVA_HOME/jre/bin
> >
> > 2) run ./keytool -genkey -alias tomcat -keyalg RSA -keystore <FULL PATH TO KEYSTORE>
> >
> > 3) You will be prompted for a password for the keystore
> >
> > 3) at the prompts, enter:
> >
> > What is your first and last name?
> >   [Unknown]: <DO NOT USE NAME - ENTER THE NAME OF YOUR MACHINE AS IT'S KNOWN TO VISITORS>
> > What is the name of your organizational unit?
> >   [Unknown]: <WHATEVER YOU LIKE>
> > What is the name of your organization?
> >   [Unknown]: <TYPICALLY COMPANY NAME>
> > What is the name of your City or Locality?
> >   [Unknown]: <YOUR CITY>
> > What is the name of your State or Province?
> >   [Unknown]: <STATE OR PROV>
> > What is the two-letter country code for this unit?
> >   [Unknown]: <COUNTRY CODE>
> >
> > 4) You will then be prompted for another password - use the same (ie.
> > Press ENTER)
> >
> > STEP B - Generate a Certificate Request
> >
> > 1) cd to $JAVA_HOME/jre/bin
> >
> > 2) ./keytool -certreq -alias tomcat -file csr.txt -keystore <FULL PATH TO SAME KEYSTORE CREATED IN STEP A>
> >
> > STEP C - Get the new cert from Verisign
> >
> > www.versign.com has all the info here
> >
> > STEP D - Install the Verisign ROOT CA cert AND your server cert
> >
> > When you get your cert in step C, they will provide you with the root
> > cert
> >
> > 1) cd to $JAVA_HOME/jre/bin
> >
> > 2) ./keytool -import -alias verisign -file <FILE THAT CONTAINS THE VERISIGN ROOT CA CERT> -keystore <PATH TO KEYSTORE>
> >
> > 3) ./keytool -import -trustcacerts -alias tomcat -file <FILE THAT CONTAINS YOUR CERT FROM VERISIGN> -keystore <PATH TO KEYSTORE>
> >
> > STEP E - Configure an SSL listener for tomcat
> >
> > 1) edit $JAKARTA_HOME/conf/server.xml and add the following:
> >
> > <!-- Define an SSL HTTP/1.1 Connector on port 443 -->
> > <Connector className="org.apache.catalina.connector.http.HttpConnector"
> >            port="443" minProcessors="5" maxProcessors="75"
> >            enableLookups="true"
> >            acceptCount="10" debug="10" scheme="https" secure="true">
> >   <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
> >            clientAuth="false" protocol="TLS"
> >            keystoreFile="<FULL PATH TO KEYSTORE FILE>"
> >            keystorePass="<PASSWORD HERE>"/>
> > </Connector>
> >
> > 2) Stop and start the tomcat server
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 25, 2002 2:29 PM
> > To: Tomcat Users List
> > Subject: Re: tomcat and SSL (keyfile password)
> >
> > Hi Dave
> >
> > ohhh...good to know that.
> >
> > I need to set up the tomcat 4.0.3 with Verisign.
> >
> > Can you please send those docs to me?
> >
> > I appreciate your help
> >
> > thanks in advance
> > BM
> >
> > Dave North wrote:
> >
> > > Hello,
> > > After a few hours trying to get this working, I've finally got
> > > my tomcat server working with a certificate signed by Verisign. This
> > > all works great. However, to do this, I need to configure the
> > > keyfilePass into the server.xml file. This is bad as our security
> > > policy is "thou shall not have any passwords in plain text". We also
> > > use SSL on our iPlanet server and it prompts at start time for the
> > > password (they use the term software token but it's the same). So, the
> > > question is: is it possible to have tomcat prompt for this and/or how
> > > have others got around keeping this in plain text?
> > >
> > > BTW: if anyone's interested, I have the complete step-by-step of how I
> > > got the Verisign cert working...the info is out there but it seems to be
> > > all over the place.
> > >
> > > Thanks
> > >
> > > Dave
> > >
> > > Dave North
> > > SIGNIANT Inc.
> > > Trusted Data Transfer Services
> > > www.signiant.com
> > > Phone: 613-761-3623
> > > Mobile: 613-294-3231
> > > Fax: 613-761-3629
> > > Email: [EMAIL PROTECTED]
> > >
> > > --
> > > To unsubscribe: <mailto:[EMAIL PROTECTED]>
> > > For additional commands: <mailto:[EMAIL PROTECTED]>
> > > Troubles with the list: <mailto:[EMAIL PROTECTED]>
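
The concern raised in this thread is that Step E leaves the keystore password in server.xml in plain text. The following check is an added example, not part of the original messages and not Tomcat code: it parses a server.xml-style document, lists every Connector that carries a literal `keystorePass`, and reports whether the file holding it is readable by other accounts. The function names, the sample XML, its keystore path and its password are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Connector from Step E; the path and
# password are dummy values, not taken from the thread.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="443" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="/opt/tomcat/conf/keystore.jks"
               keystorePass="changeit-example"/>
    </Connector>
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8080"/>
  </Service>
</Server>"""

def find_plaintext_keystore_passwords(xml_text):
    """Return (port, keystoreFile) for each Connector holding a literal keystorePass."""
    findings = []
    root = ET.fromstring(xml_text)
    for connector in root.iter("Connector"):
        # Step E puts the attribute on the nested <Factory>; later Tomcat
        # releases put it on <Connector> itself, so both are inspected.
        for elem in [connector, *connector.iter("Factory")]:
            if elem.get("keystorePass"):
                findings.append((connector.get("port"), elem.get("keystoreFile")))
    return findings

def is_exposed_to_other_users(path):
    """True when group or others may read the file (POSIX permission bits)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path):
    """Audit one server.xml: plaintext passwords found and permission exposure."""
    with open(path, encoding="utf-8") as fh:
        findings = find_plaintext_keystore_passwords(fh.read())
    return {"plaintext": findings, "readable_by_others": is_exposed_to_other_users(path)}

if __name__ == "__main__":
    print(find_plaintext_keystore_passwords(SAMPLE_SERVER_XML))
```

Run `audit()` against the real `$JAKARTA_HOME/conf/server.xml`; a non-empty `plaintext` list together with `readable_by_others` set to true means any local account can read the keystore password.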