Dec 16, 2010

Add Verisign Trial Certificate to Tomcat Server

 


Release:
Apache Tomcat 5.5
Windows Enterprise Server 2003
JDK 1.3.1 or later

Problem:
Need to add Verisign Trial Certificate to Apache Tomcat Server

Solution:

Creating the CSR file:

  1. Create a certificate keystore and private key by running the command below:

C:\Program Files\Java\jre1.5.0_12\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\keystore -keysize 2048

Enter keystore password:  sbs@123
What is your first and last name?
  [Unknown]: YOUR DOMAIN NAME
What is the name of your organizational unit?
  [Unknown]:  YOUR ORGANIZATION NAME
What is the name of your organization?
  [Unknown]:  YOUR ORGANIZATION NAME
What is the name of your City or Locality?
  [Unknown]:  CHENNAI
What is the name of your State or Province?
  [Unknown]:  TAMILNADU
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN= DOMAIN NAME, OU= ORGANIZATION NAME, O= ORGANIZATION NAME, L=CHENNAI, ST=TAMILNADU, C=IN correct?
  [no]:  YES

Enter key password for <tomcat>
        (RETURN if same as keystore password):  sbs@123

  2. Create a CSR (Certificate Signing Request) using the command below:

C:\Program Files\Java\jre1.5.0_12\bin>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:\keystore

Enter keystore password:  sbs@123

Note: The above command creates a file on the C drive named “certreq.csr”.


Enroll the CSR file:

  1. To verify the CSR, go to the link below and check the status.



  2. If this is your first enrollment, go to the link below and create an account. If you already have a login ID, log in to your account and submit the CSR to Verisign.


Install CA Certificate:

  1. After you submit your CSR, Verisign will send an e-mail containing the original certificate.

  2. Copy the Primary Intermediate CA from the link below, save it in Notepad as “primary_inter.cer”, and import it into the keystore:


C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias root -keystore c:\keystore -file c:\primary_inter.cer

  3. Copy the Secondary Intermediate CA from the link below, save it in Notepad as “secondary_inter.cer”, and import it into the keystore:


C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias intermediate -keystore c:\keystore -file c:\secondary_inter.cer

Install the SSL Certificate:

  1. Copy the certificate sent by Verisign into Notepad, save the file as “cert.cer”, and import the SSL certificate:

C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -alias tomcat -keystore c:\keystore -trustcacerts -file c:\cert.cer


Edit server.xml to enable SSL in Tomcat 5.5:

  1. Open server.xml in Notepad (location: C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf) and edit the connectors as shown below:

          
<!-- HTTP connector: sends requests that need SSL to port 443 -->
<Connector port="80" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />

<!-- HTTPS connector: port 443 is assumed here, matching redirectPort above -->
<Connector port="443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="c:\keystore" keystorePass="sbs@123" />

  2. Now restart the Tomcat application from “Services” ( Run → services.msc ) and check the application.
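
A check for the connector settings edited above, as an added example that is not part of the original post: it parses a server.xml and reports a missing HTTPS connector, a redirectPort that points at no HTTPS connector, a missing keystoreFile, and a clear-text keystorePass. The sample XML is constructed from the values shown in this post, and the function name audit_connectors is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two connectors from this post.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" redirectPort="443" enableLookups="false" />
    <Connector port="443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="c:\keystore"
               keystorePass="sbs@123" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return a list of findings for the Connector elements of a server.xml string."""
    root = ET.fromstring(server_xml)
    connectors = root.findall(".//Connector")
    # Connectors that Tomcat treats as SSL-protected.
    tls = [c for c in connectors if c.get("secure", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    if not tls:
        findings.append('no connector with secure="true": HTTPS is not enabled')
    for c in connectors:
        port = c.get("port")
        if c in tls:
            if c.get("scheme") != "https":
                findings.append(f'port {port}: secure connector without scheme="https"')
            if not c.get("keystoreFile"):
                findings.append(f"port {port}: keystoreFile not set, so the "
                                "keystore created with keytool is not used")
            if c.get("keystorePass"):
                findings.append(f"port {port}: keystorePass is in clear text, "
                                "restrict read access to server.xml")
        else:
            redirect = c.get("redirectPort")
            # A redirect to a port with no HTTPS connector breaks secure pages.
            if redirect and redirect not in tls_ports:
                findings.append(f"port {port}: redirectPort {redirect} has no "
                                "matching HTTPS connector")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Run it against the real file by passing the contents of conf\server.xml to audit_connectors instead of the sample.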


1 comment:

james White said...

Thanks for the walkthrough, works fine for me. We have just installed a training application at work on a Tomcat server and it requires SSL for the exam; got to use a trial account as a temporary fix for now.