tag:blogger.com,1999:blog-26227933450831535912011-07-02T22:44:23.097-07:00CredenseSatish Kumar Rachahttp://www.blogger.com/profile/05671767574131890622noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-2622793345083153591.post-38225160885705864742008-06-17T07:32:00.000-07:002008-06-17T07:36:26.580-07:00TOMCAT SSL Generation PROCESS<p class="MsoNormal"> </p><h2><span style="color:maroon;"><o:p> </o:p></span><o:p></o:p><span style="color:maroon;">TOMCAT SSL Generation PROCESS<o:p></o:p></span></h2> <p class="MsoNormal"><b>STEP 1:<o:p></o:p></b></p> <p class="MsoNormal">Using Keytool generate a keystore</p> <p class="MsoNormal"><span style=""> </span></p> <p class="MsoNormal"><span style=""> </span>keytool -genkey -alias <alias> -keyalg RSA<span style=""> </span>-keystore <keystorename></keystorename></alias></p> <p class="MsoNormal"><b>Note:<o:p></o:p></b></p> <p class="MsoNormal">Then the key tool will ask for password give that . Then it is ask for the first name give the system name where the certificate is installed or the URL which is used to access from the browser.</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">What is your first and last name?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> Satish</span>(System name)</p> <p class="MsoNormal">What is the name of your organizational unit?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> </span>satish </p> <p class="MsoNormal">What is the name of your organization?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> </span>credense</p> <p class="MsoNormal">What is the name of your City or Locality?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> </span>hyd</p> <p class="MsoNormal">What is the name of your State or Province?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> </span>ap</p> <p class="MsoNormal">What is the two-letter country code for this unit?</p> <p class="MsoNormal"><span style=""> </span>[Unknown]:<span style=""> </span>in</p> <p class="MsoNormal">Is CN=satish, OU=satish, O=credense, L=hyd, ST=ap, C=in correct?</p> <p class="MsoNormal"><span style=""> </span>[no]:<span style=""> </span>y</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Enter key password for <tomcrt></tomcrt></p> <p class="MsoNormal"><span style=""> </span><span style=""> </span>(RETURN if same as keystore password):</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b>STEP 2:<o:p></o:p></b></p> <p class="MsoNormal">Export a public key to a file<span style=""> </span></p> <p class="MsoNormal"><span style=""> </span>keytool -export -file <certificatename> -keystore <keystorename> -alias <alias></alias></keystorename></certificatename></p> <p class="MsoNormal"><b><o:p> </o:p></b></p> <p class="MsoNormal"><b>STEP 3:<o:p></o:p></b></p> <p class="MsoNormal">The below step is not necessary if we give the path in the startup.bat</p> <p class="MsoNormal">The trustStore is the path and name of the java key store (jks) </p> <p class="MsoNormal">And the truststorepassword is the password for the keystore.</p> <p class="MsoNormal">If we have not given this tomcat will take the default keystore as j2sdk1.4.2_10\jre\lib\security\cacerts and the default password is “changeit” if we have not given the string .<span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"> -Djavax.net.ssl.trustStorePassword</span> in startweblogic.cmd.</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;">set JAVA_OPTS= -Djavax.net.ssl.trustStore="D:\Satish\ssl\keys\allcerts.jks" -Djavax.net.ssl.trustStorePassword=allcerts</span></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The following step in not required if we have done the above:</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Then import the above-generated public key to</p> <p class="MsoNormal"><span style=""> </span>j2sdk1.4.2_10\jre\lib\security\cacerts</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Import the Weblogic public key to the above tomcat keystore if tomcat has to communicate with weblogic.</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">E.g.:<span style=""> </span><span style=""> </span></p> <p class="MsoNormal"><span style=""> </span>keytool -import<span style=""> </span>-keystore test.keystore -file<span style=""> </span>satishcrt.pem</p> <p class="MsoNormal"><span style=""> </span></p> <p class="MsoNormal"><span style=""> </span>Weblogic</p> <p class="MsoNormal"><span style=""> </span>And also import the tomcart Certificate to weblogic keystore to communicate from tomcat to weblogic</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">E.g.:<span style=""> </span></p> <p class="MsoNormal"><span style=""> </span><span style=""> </span>keytool -import<span style=""> </span>-keystore satish.jks<span style=""> </span>-file<span style=""> </span>abc.crt</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b>Step4:<o:p></o:p></b></p> <p class="MsoNormal">Configuring the server.xml file</p> <p class="MsoNormal">Open the server.xml file in config folder of Tomcat.</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Place or modify the following tag in server.xml</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><connector port="8443"></connector></span></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style=""> </span>maxThreads="150" minSpareThreads="25" maxSpareThreads="75"<o:p></o:p></span></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style=""> </span>enableLookups="false" disableUploadTimeout="true"<o:p></o:p></span></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style=""> </span>acceptCount="100" debug="0" scheme="https" secure="true"<o:p></o:p></span></p> <p class="MsoNormal"><span style="background: silver none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style=""> </span>clientAuth="false" sslProtocol="TLS" KeystoreFile="D:\Satish\ssl\keys\tomeg.jks" KeystorePass="changeit"<span style=""> </span>/></span></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">port<span style=""> </span>: Port of the tomcat</p> <p class="MsoNormal">KeystoreFile: Name and path of the tomcat Keystore .</p> <p class="MsoNormal">KeystorePass: Password of tomcat keystore.</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b><o:p> </o:p></b></p> <p class="MsoNormal"><b>Step6:<o:p></o:p></b></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Modify the .java files where the port numbers and the protocol is given like </p> <p class="MsoNormal">http:// <span style="font-family:Wingdings;"><span style="">à</span></span> https://</p> <p class="MsoNormal">for tomcat 8080<span style="font-family:Wingdings;"><span style="">à</span></span>8443</p> <p class="MsoNormal">for Weblogic 7001<span style="font-family:Wingdings;"><span style="">à</span></span> 7002</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2622793345083153591-3822516088570586474?l=credense.blogspot.com' alt='' /></div>Satish Kumar Rachahttp://www.blogger.com/profile/05671767574131890622noreply@blogger.com0