Showing posts with label certificate. Show all posts
Showing posts with label certificate. Show all posts

Friday, November 26, 2010

Create Java SSL certificate


1 Create the SSL key for your machine using Java's keytool program. When asked to specify your first and last name, use the name of the machine running the CAS Tomcat server. For example, on my machine, I used localhost:
                 keytool -genkey -alias tomcat -keypass mycertificate -keyalg RSA
2. You now have a keystore in the current user's home directory. Now you need to add the certificate to your JRE's cacerts file. Export the certificate you just generated:
                 keytool -export -alias tomcat -keypass mycertificate -file server.crt
3. Now, add the exported certificate (server.crt) to your JRE's cacerts file again using Java's keytool program, as follows:
                keytool -import -file server.crt -keypass mycertificate -keystore ..\jre\lib\security\cacerts
4. The last step in setting up SSL is to tell Tomcat about the keystore. Edit the server.xml file again. Modify the SSL connector definition with the lines           highlighted below. Note that the keystoreFile is the full path to the current user's home directory where the keystore resides:
                                <Connector port="8443" maxHttpHeaderSize="8192"
                                maxThreads="150" minSpareThreads="25"
                                maxSpareThreads="75"
                                enableLookups="false" disableUploadTimeout="true"
                                acceptCount="100" scheme="https" secure="true"
                                clientAuth="false" sslProtocol="TLS"
                                keystoreFile="/root/.keystore"
                                keystorePass="mycertificate"
                                truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/
                                security/cacerts" />