Java Mailing List Archive

http://www.junlu.com/


Re: [HELP!] Which key alias names to use for SSL?

Adam Hardy

2003-10-11


On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>
> [I sent this once before, but got no response, and I'm not sure what to
> do. Thanks in advance.]
>
> Hi guys,
>
> I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got a
> CA-signed cert to go with my private key and CA root cert, but I'm
> confused as to how to name the alias for the CA-signed-cert and my
> private key.
>
> The Tomcat SSL How-To is confusing me, because it says to give the
> "tomcat" alias to both the private key and the CA-signed key. I tried
> it and it overwrote my private key (luckily I made a backup of my
> keystore).
>
> I'm looking at this documentation:
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>
> It also doesn't seem possible to configure the alias names in
> server.xml. So what alias names should I use? :-)

Hi Sonny,
the following is from a thread I kept since I knew I would need it one
day. There's more in the list archives in this thread if you need it
(sorry don't have the link to the thread):

>>>>>>>>>>>>>

I still don't know what I did wrong in the first place, but after
starting over with VeriSign, all is well now. I thought I'd share the
(simple!) steps I took to get SSL running using keytool/tomcat in case
anyone else might find this useful:

# keytool -genkey -alias tomcat -keyalg RSA
[enter a password and all necessary information, then just <enter> at
next password prompt]
# cp ~/.keystore ~/.keystore-backup
# keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr
[enter same password]
[give contents of certreq.csr to VeriSign and wait for response...]
[NOTE: when asked to select my server software, I chose "apache" since they
didn't have Tomcat in their list...I don't know if this matters, but it
worked]
# keytool -import -trustcacerts -file intermediate.crt -alias root
[enter same password]
[NOTE: intermediate.crt is the file found here:
http://www.verisign.com/support/install/intermediate.html]
# keytool -import -trustcacerts -file public.crt -alias tomcat
[enter same password]
[where public.crt is the certificate sent from VeriSign after they complete
their approval process]
[finally, edit ...tomcat/conf/server.xml and enable the SSL connector
section, adding keystorePass="[password]"
as an attribute to the Factory tag]

Hope this helps.

Thanks to all who provided suggestions along the way.



--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
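
An added example, not part of the original message or the thread it quotes: the same keytool sequence run against a throwaway keystore, showing that the CA's reply imported under the alias of the private key replaces the self-signed certificate while the entry stays a private key entry. The local test CA, file names, CN values and the password `changeit` are constructed, and the long-form options (`-genkeypair`, `-gencert`, `-importcert`) assume a keytool from JDK 7 or later.

```shell
#!/bin/sh
# Added example. Every name, password and certificate here is constructed;
# a throwaway local CA stands in for the commercial CA.
demo_alias_import() (
    set -e
    LC_ALL=C; export LC_ALL                 # keep keytool's labels in English
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    ks="$dir/server.jks" ca="$dir/ca.jks" pw=changeit
    kt() { keytool "$@" -storepass "$pw" 2>/dev/null; }
    # 1. Private key plus self-signed placeholder certificate, alias "tomcat".
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=www.example.test" -keystore "$ks" -keypass "$pw" >/dev/null
    # 2. Constructed test CA in its own keystore, and its exported certificate.
    kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 -ext bc:c \
        -dname "CN=Constructed Test CA" -keystore "$ca" -keypass "$pw" >/dev/null
    kt -exportcert -alias ca -rfc -file "$dir/ca.crt" -keystore "$ca" >/dev/null
    # 3. CSR for the "tomcat" key, then the CA's signed reply to it.
    kt -certreq -alias tomcat -file "$dir/certreq.csr" -keystore "$ks" >/dev/null
    kt -gencert -alias ca -rfc -infile "$dir/certreq.csr" \
        -outfile "$dir/public.crt" -keystore "$ca" >/dev/null
    # 4. The CA certificate goes in under its OWN alias ...
    kt -importcert -noprompt -alias root -file "$dir/ca.crt" -keystore "$ks" >/dev/null
    # ... and the reply under the SAME alias as the private key.
    kt -importcert -noprompt -alias tomcat -file "$dir/public.crt" -keystore "$ks" >/dev/null
    # 5. Report the entry type and chain length for alias "tomcat".
    kt -list -v -alias tomcat -keystore "$ks" |
        grep -E 'Entry type|Certificate chain length'
)
# Run with: sh thisfile.sh run
if [ "${1:-}" = run ]; then
    demo_alias_import
fi
```

If the reply is imported under a new alias instead, keytool stores it as a trusted certificate entry with no private key attached, which is the state to check for with `keytool -list -v` when an SSL connector fails to start.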

