Hi,
I have some small troubles with SSL certificate integration for Tomcat 6.0.
Of course I've read the FAQ and the SSL tutorial, but my situation is not
described in those help sheets in detail...
I enabled SSL on Tomcat and can log in to the default page with the default
certificate, but I have to do the following:
    1) enable SSL on the server (Tomcat);
    2) sign the certificate by my company (not paying a CA for signing for
now);
    3) generate a certificate for every client and send them by e-mail etc.;
    4) on client connect to my server, accept the client certificate...

I've done this:

added into server.conf
<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/var/certificates/serverstore"
           keystorePass="123321"
           keystoreType="JKS" keyAlias="tomcat"
           clientAuth="true" sslProtocol="TLS"
           truststoreFile="/var/certificates/clienttruststore"
           truststorePass="123321" truststoreType="JKS"/>

and do the following (Java):

// a) Generate the client's key pair and self-signed certificate in a PKCS12 keystore.
//    The String[] form of exec() is used: the single-String form splits on whitespace,
//    so a -dname containing spaces (e.g. "O=My Company") would be broken into pieces.
String dname = "CN=" + commonName + ", OU=" + orgUnit + ", O=" + organization
        + ", L=" + locality + ", S=" + state + ", C=" + country;
Process p = Runtime.getRuntime().exec(new String[] {
        "keytool", "-genkey", "-keyalg", "RSA", "-dname", dname,
        "-alias", aliasName,
        "-keypass", keyPass,                 // for PKCS12 keytool requires keypass == storepass
        "-keystore", keystore, "-storetype", "PKCS12", "-storepass", keystorePass,
        "-validity", validity });
p.waitFor();                                 // wait for keytool to finish before the next step

// b) Export the client certificate from the PKCS12 keystore
//    (-keyalg is not a valid option for -export and has been dropped).
p = Runtime.getRuntime().exec(new String[] {
        "keytool", "-export", "-alias", aliasName,
        "-keystore", keystore, "-storetype", "PKCS12", "-storepass", keystorePass,
        "-file", file });
p.waitFor();

// c) Import the certificate as a trusted entry into the JKS truststore that the
//    Connector's truststoreFile points to.
p = Runtime.getRuntime().exec(new String[] {
        "keytool", "-import", "-noprompt", "-alias", aliasName,
        "-keystore", truststore, "-storetype", "JKS", "-storepass", truststorePass,
        "-file", file });
p.waitFor();

But after adding a client certificate, I have to restart Tomcat... but that is
impossible!

If someone knows how to generate and add certificates into the keystore for
Tomcat and use them without a restart, it would be great if you could reply to me :)

Thanks..
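As an added example (not code from the post above), steps b) and c) can be done in-process with the JDK KeyStore API instead of shelling out to keytool, which avoids building command lines from strings. Step a) still needs keytool, since the JDK has no public API for generating a self-signed certificate. Paths, aliases and passwords are assumed parameters; the truststore is the JKS file named in the Connector's truststoreFile.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

/** Copies a client's certificate from its PKCS12 file into the JKS truststore Tomcat reads. */
public class TruststoreImport {

    // Load a keystore of the given type ("PKCS12" or "JKS") from disk.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    /**
     * Returns the alias under which the certificate was stored, or null if the
     * very same certificate is already a trusted entry (nothing written).
     * All arguments are assumed inputs: the PKCS12 file produced by "keytool -genkey",
     * its password, the client alias, and the Connector's truststore file and password.
     */
    public static String importClientCert(String p12Path, char[] p12Pass, String alias,
                                          String trustPath, char[] trustPass) throws Exception {
        KeyStore client = load("PKCS12", p12Path, p12Pass);
        Certificate cert = client.getCertificate(alias);          // what "keytool -export" writes
        if (cert == null) {
            throw new IllegalArgumentException("no entry '" + alias + "' in " + p12Path);
        }

        KeyStore trust = load("JKS", trustPath, trustPass);
        if (trust.getCertificateAlias(cert) != null) {
            return null;                                           // already trusted; skip duplicate
        }

        // Do not overwrite an unrelated entry that happens to use the same alias.
        String chosen = alias;
        for (int i = 2; trust.containsAlias(chosen); i++) chosen = alias + "-" + i;
        trust.setCertificateEntry(chosen, cert);                   // what "keytool -import" does

        // Only the certificate is stored: the client's private key never leaves its PKCS12 file.
        OutputStream out = new FileOutputStream(trustPath);
        try { trust.store(out, trustPass); } finally { out.close(); }
        return chosen;
    }
}
```

The JSSE Connector loads truststoreFile when the connector starts, so an entry added this way is only honoured after the next connector start; the example removes the shell-command problems, not the reload one.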
