Difference between revisions of "Managing SSL Certificates"
imported>Aeric |
imported>Aeric m (Text replace - '{platform_installation}' to '{install_dir}') |
||
Line 10: | Line 10: | ||
'''To create a Certificate Signing Request (CSR)''' | '''To create a Certificate Signing Request (CSR)''' | ||
#Create a keystore (<tt>longjump</tt>) and private key (<tt>tomcat</tt>) in this directory: | #Create a keystore (<tt>longjump</tt>) and private key (<tt>tomcat</tt>) in this directory: | ||
#:<tt>{ | #:<tt>{install_dir}/tomcat/conf/RN</tt> | ||
#:<pre>keytool -genkey -alias tomcat -keyalg RSA -keystore longjump</pre> | #:<pre>keytool -genkey -alias tomcat -keyalg RSA -keystore longjump</pre> | ||
#Create a CSR from the keystore (<tt>longjump</tt>) | #Create a CSR from the keystore (<tt>longjump</tt>) | ||
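Review bot: the `keytool -genkey -alias tomcat -keyalg RSA -keystore longjump` context line in this hunk sets no `-keysize`, so the RSA key length is whatever the installed JDK defaults to. Since this edit already touches the step, consider stating an explicit `-keysize` in the command so every installation produces a key of known strength.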
Line 34: | Line 34: | ||
#Add the new certificate to this directory: | #Add the new certificate to this directory: | ||
#:<tt>{ | #:<tt>{install_dir}/tomcat/conf/RN</tt> | ||
#Edit <tt>{ | #Edit <tt>{install_dir}/tomcat/conf/server.xml</tt> file | ||
#Replace the following line: | #Replace the following line: | ||
#:<tt>keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"</tt> | #:<tt>keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"</tt> |
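Review bot: the `keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"` line at the end of this hunk shows that the keystore password sits in clear text in `{install_dir}/tomcat/conf/server.xml`, and none of the visible steps say who may read that file. Suggest adding a step that limits read access on `server.xml` to the account that runs the application server.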
Revision as of 00:08, 23 June 2011
Managing SSL Certificates
Obtaining an SSL Certificate
The platform provides a default self-signed certificate which is used by the Application Server.
To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser as part of a security protocol that manages secure data exchange.
The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.
To create a Certificate Signing Request (CSR)
- Create a keystore (longjump) and private key (tomcat) in this directory:
  {install_dir}/tomcat/conf/RN
  keytool -genkey -alias tomcat -keyalg RSA -keystore longjump
- Create a CSR from the keystore (longjump):
  keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore longjump
- The result is a file, certreq.csr, which can be submitted to the CA.
Once you have obtained a certificate from the CA, the CA might also provide a Chain/Root Certificate in addition to your certificate. It must be installed/imported into the keystore created in the previous section.
To Install the Certificate
- If you have received the chain certificate from the CA, complete #1 - #3.
- If you have NOT received the chain certificate from the CA, complete #3 only.
1. Install/import the chain certificate: copy the contents of the chain certificate into a file called chain
2. Import the chain certificate into your keystore:
   keytool -import -alias root -keystore longjump -trustcacerts -file chain
3. Import the certificate received from the CA:
   keytool -import -alias tomcat -keystore longjump -trustcacerts -file <certificate filename>
Replacing the Default SSL Certificate
To replace the certificate:
- Add the new certificate to this directory:
- {install_dir}/tomcat/conf/RN
- Edit the {install_dir}/tomcat/conf/server.xml file
- Replace the following line:
  keystoreFile="conf/RN/thirdParty" keystorePass="algrsa"
  with:
  keystoreFile="conf/RN/your_certificate_file_name"
  keystorePass="your_password_for_certificate_store"
- Save the file
- Restart the application server
The Application Server will now use your certificate file for communication over https.
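A check to run after editing server.xml and before the restart, as an added example that is not part of the original page or the platform: it flags a Connector that still points at the default keystore or password shown above, a keystore file that is missing, and a server.xml that is world-readable. The function names, the temporary directory, and the sample Connector element are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit keystoreFile/keystorePass in a Tomcat server.xml.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_server_xml() {
    local xml="$1" base="$2" findings=0 ks pass
    # First keystoreFile / keystorePass attribute values in the file.
    ks=$(sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$xml" | head -n 1)
    pass=$(sed -n 's/.*keystorePass="\([^"]*\)".*/\1/p' "$xml" | head -n 1)

    if [ -z "$ks" ]; then
        echo "no keystoreFile attribute found"; findings=1
    elif [ "$ks" = "conf/RN/thirdParty" ]; then
        echo "still using the default self-signed keystore"; findings=1
    elif [ ! -f "$base/$ks" ]; then
        echo "keystore file missing: $base/$ks"; findings=1
    fi
    if [ "$pass" = "algrsa" ]; then
        echo "keystorePass is still the documented default"; findings=1
    fi
    # server.xml holds the keystore password in clear text.
    if [ -n "$(find "$xml" -perm -004 2>/dev/null)" ]; then
        echo "server.xml is world-readable"; findings=1
    fi
    return "$findings"
}

# Constructed stand-in for {install_dir}/tomcat, so the check runs offline.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/conf/RN"
: > "$demo_dir/conf/RN/longjump"   # empty placeholder, not a real keystore

# Write a constructed Connector: $1 = keystoreFile, $2 = keystorePass.
make_xml() {
    printf '<Connector port="443" SSLEnabled="true"\n  keystoreFile="%s" keystorePass="%s" />\n' \
        "$1" "$2" > "$demo_dir/conf/server.xml"
    chmod 600 "$demo_dir/conf/server.xml"
}

make_xml "conf/RN/thirdParty" "algrsa"
audit_server_xml "$demo_dir/conf/server.xml" "$demo_dir" || echo "=> fix before restart"

make_xml "conf/RN/longjump" "constructed-passphrase"
audit_server_xml "$demo_dir/conf/server.xml" "$demo_dir" && echo "=> ok to restart"
```

Against a real installation, pass the path to server.xml and the tomcat directory under {install_dir} as the two arguments.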
Learn More
- Certificate Signing Request (CSR) Generation Instructions-Tomcat, at
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR227