Add Verisign Trail Certificate to Tomcat Server

 

Add Verisign Trail Certificate to Tomcat Server

Release:

Apache Tomcat 5.5

Windows Enterprise Server 2003

JDK 1.3.1 or later

Problem:

Need to add Verisign Trial Certificate to Apache Tomcat Server

Solution:

Creating the CSR file:

1. Create a certificate keystore and private key by executing the below command

C:\Program Files\Java\jre1.5.0_12\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\keystore -keysize 2048

Enter keystore password:  sbs@123

What is your first and last name?

  [Unknown]: YOUR DOMAIN NAME

What is the name of your organizational unit?

  [Unknown]:  YOUR ORGANIZATION NAME

What is the name of your organization?

  [Unknown]:  YOUR ORGANIZATION NAME

What is the name of your City or Locality?

  [Unknown]:  CHENNAI

What is the name of your State or Province?

  [Unknown]:  TAMILNADU

What is the two-letter country code for this unit?

  [Unknown]:  IN

Is CN= DOMAIN NAME, OU= ORGANIZATION NAME, O= ORGANIZATION NAME, L=CHENNAI, ST=TAMILNADU, C=IN correct?

  [no]:  YES

Enter key password for

        (RETURN if same as keystore password):  sbs@123

2. Create a  CSR (Certificate Signing Request) using the below command

C:\Program Files\Java\jre1.5.0_12\bin>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:\keystore

Enter keystore password:  sbs@123

Note: The above command create a file in C drive in a name “certreq.csr”.

Enroll the CSR file:

3. To verify the CSR go to the below link and  check the status

https://ssl-tools.verisign.com/checker/

4. First time to start the enrollment go to the below link and create an account. If you have a login id, login to your account and submit the CSR to Verisign.

https://www.verisign.com/ssl/buy-ssl-certificates/index.html

Install CA Certificate:

5. After submitting your CSR, Verisign will send one mail with  the original certificate.

6. Copy the Primary Intermediate CA from the below link and save it in a notepad as “primary_inter.cer”, also import this to keystore

http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias root -keystore c:\keystore -file c:\primary_inter.cer

7. Copy the Secondary Intermediate CA from the below link and save it in a notepad as “secondary_inter.cer”, also import this to keystore

http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html

C:\Program Files\Java\jre1.5.0_12\bin>keytool -import -trustcacerts -alias intermediate t -keystore c:\keystore -file c:\secondary_inter.cer

Install the SSL Certificate:

8. Copy and paste the Verisign send certificate to a notepad and save the file as “cert.cer”, also import the SSL Certificates

C:\Program Files\Java\jre1.5.0_12\bin>keytool -import –alias tomcat -keystore c:\keystore -trustcacerts -file c:\cert.cer

Edit server.xml to enable SSL in tomcat 5.5:

9. Open the server.xml using the notepad ( location: C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf ) and edit the below

          

port="80" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />  

    

  

     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"     enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="c:\keystore" keystorePass="sbs@123"/>

10. Now restart the Tomcat application from “Services”  ( Run → services.msc ) and check the application.