- Create a Key Pair
- Generate the CSR file from the Key pair created
- Submit the CSR file to Versign to obtain certificate
- This step is only for Trail SSL certificate
- Download root certificate from http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html and store has root.cer
- Download intermediate Certificate from http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html and store has intermediate.cer
- Add root and intermediate Certificate to Key pair
keytool -import -trustcacerts -alias root -keystore <keystore_filename> -file root.cer
keytool -import -trustcacerts -alias intermediate -keystore <keystore_filename> -file intermediate.cer
- Download primary and secondary certificate from http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/index.html and store has primary_EV_inter.cer and secondary_EV_inter.cer
keytool -import -trustcacerts -alias EV_intermediate -keystore <keystore_filename> -file secondary_EV_inter.cer
- Store the Certificate obtained from Versign as cert.cer
Configuration in Tomcat
Open server.xml in conf folder
Add following node in service node
<connector
className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false" acceptCount="10" SSLEnabled="true"
connectionTimeout="60000" debug="0" scheme="https" secure="true" Protocol="TLS" clientAuth="false"
keyAlias="<alias_name>" keystore="<keystore_filename>"
keystorePass="<password>"/>
NOTE:
Change the port value for desired port
UI to add certificate is available at http://portecle.sourceforge.net/
2 comments:
If you want to replace keytool with a GUI tool then you can also use CERTivity.
http://www.edulib.com/products/keystores-manager/
It can handle different types of keystores (JKS, JCEKS, PKCS12, BKS, UBER, Windows) and digital signatures.
Wow, this article is nice, my younger sister is analyzing such things, therefore I am going to tell her.
Post a Comment