Wednesday, December 9, 2009

Steps to add a VeriSign certificate to a Tomcat server

  • Create a key pair
keytool -alias <alias_name> -genkey -keyalg "RSA" -keystore <keystore_filename>
  • Generate the CSR file from the key pair created
keytool -certreq -alias <alias_name> -file <csr_filename> -keystore <keystore_filename>
  • Submit the CSR file to VeriSign to obtain the certificate
  • This step is only for a Trial SSL certificate
keytool -import -trustcacerts -alias EV_root -keystore <keystore_filename> -file primary_EV_inter.cer
keytool -import -trustcacerts -alias EV_intermediate -keystore <keystore_filename> -file secondary_EV_inter.cer
  • Store the certificate obtained from VeriSign as cert.cer and import it under the same alias as the key pair
keytool -import -trustcacerts -alias <alias_name> -keystore <keystore_filename> -file cert.cer
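
A check worth running on the keystore after the last import and before Tomcat is pointed at it, as an added example (not code from the original post): it reads the output of `keytool -list -v -keystore <keystore_filename>` and confirms that the alias holds the private key together with the CA-issued chain, rather than a bare trusted certificate or the self-signed certificate from -genkey. The function names, the sample aliases and the sample listing are constructed for illustration; the listing format assumed is keytool's verbose one (`Alias name:`, `Entry type:`, `Certificate chain length:`).

```shell
#!/bin/sh
# Added example (not from the original post). Reads `keytool -list -v` output on
# stdin and checks the entry that the Connector's keyAlias will point at.
check_alias() {
    # $1 = alias. Returns 0 only for a private key entry carrying a CA-issued chain.
    awk -v want="$1" '
        BEGIN { chain = 0 }
        { sub(/\r$/, "") }                        # tolerate CRLF listings
        /^Alias name: / { alias = substr($0, 13); next }
        tolower(alias) != tolower(want) { next }  # JKS aliases are case-insensitive
        /^Entry type: / { type = $3; found = 1 }
        /^Certificate chain length: / { chain = $4 + 0 }
        END {
            if (!found) { print "MISSING: no entry for " want; exit 2 }
            if (type != "PrivateKeyEntry" && type != "keyEntry") {
                print "WRONG TYPE: " type ", certificate was imported under an alias with no private key"
                exit 3
            }
            if (chain < 2) {
                print "UNSIGNED: chain length " chain ", still the self-signed certificate from -genkey"
                exit 4
            }
            print "OK: PrivateKeyEntry, chain length " chain
        }'
}

sample_listing() {
    # Constructed listing in keytool's verbose format, trimmed to the fields used.
    cat <<'EOF'
Alias name: ev_intermediate
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3

Alias name: cert
Entry type: trustedCertEntry

Alias name: selfsigned
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

for a in tomcat cert selfsigned; do sample_listing | check_alias "$a" || true; done
```

Against a real keystore: `keytool -list -v -keystore <keystore_filename> | check_alias <alias_name>`.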

Configuration in Tomcat

Open server.xml in the conf folder.
Add the following node inside the Service node:
<!-- HTTPS connector; keyAlias must match the alias used with keytool above -->
<Connector
className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false" acceptCount="10" SSLEnabled="true"
connectionTimeout="60000" debug="0" scheme="https" secure="true" sslProtocol="TLS" clientAuth="false"
keyAlias="<alias_name>" keystoreFile="<keystore_filename>"
keystorePass="<password>"/>

NOTE:
Change the port value to the desired port.
A UI for adding certificates is available at http://portecle.sourceforge.net/


2 comments:

edulib said...

If you want to replace keytool with a GUI tool then you can also use CERTivity.
http://www.edulib.com/products/keystores-manager/

It can handle different types of keystores (JKS, JCEKS, PKCS12, BKS, UBER, Windows) and digital signatures.
