...
Take a look inside your keystore and you should see the newly added certs with their unique alias.
Warning: This article is in the process of being migrated from the old wiki.
```
keytool -keystore mywebservices.bin -list
entrust-l1b, Oct 9, 2009, trustedCertEntry,
Certificate fingerprint (MD5): C2:DF:86:BD:E4:8B:FF:26:4D:AE:6A:26:1D:7A:70:D9
entrust-2048-root, Oct 9, 2009, trustedCertEntry,
Certificate fingerprint (MD5): CC:23:87:09:9B:09:3A:6F:5E:62:EB:F4:73:54:E9:28
pkiwebservices, Oct 8, 2009, keyEntry,
Certificate fingerprint (MD5): 02:70:28:DE:A6:BC:0B:5E:3C:FB:BF:B3:68:8F:0F:32
```
Import Your Certificate (Signed Keystore File)
Finally, import your new certificate, making sure to use the same alias as in the initial generation (pkiwebservices), because you are replacing the self-signed cert already in the keystore.
```
# The alias must match the existing key entry (pkiwebservices in the listing above)
keytool -import -alias pkiwebservices -keystore mywebservices.bin -trustcacerts -file <filename_of_the_chain_certificate>
Certificate reply was installed in keystore # This is the expected response
```
This action replaces the self-signed certificate with a properly signed certificate. This is considered the first, bottom link in a chain of certificates.
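One way to confirm that the replacement took effect, as an added example that is not part of the original article: a shell function that reads `keytool -list -v` output and checks that the key entry is no longer self-signed and carries a chain. The function and sample names are hypothetical, the sample listings and their distinguished names are constructed, and English-locale keytool output is assumed.

```shell
# check_signed_entry ALIAS: reads `keytool -list -v` output on stdin.
# Returns 0 only if ALIAS is a key entry whose first certificate is not
# self-signed (Owner differs from Issuer) and whose chain has 2+ certificates.
check_signed_entry() {
    awk -v want="$1" '
        /^Alias name: /  { cur = substr($0, 13); next }
        cur != want      { next }
        /^Entry type: /  { type = $3; found = 1 }
        /^Certificate chain length: / { len = $4 + 0 }
        /^Certificate\[/ { idx++ }
        idx == 1 && /^Owner: /  { owner = substr($0, 8) }
        idx == 1 && /^Issuer: / { issuer = substr($0, 9) }
        END {
            if (!found) { print "FAIL: alias not found"; exit 1 }
            if (type != "PrivateKeyEntry" && type != "keyEntry") {
                print "FAIL: " want " is a " type; exit 1 }
            if (owner == issuer) { print "FAIL: still self-signed"; exit 1 }
            if (len < 2) { print "FAIL: chain length is " len; exit 1 }
            print "OK: " want " issued by " issuer ", chain length " len
        }'
}

# Constructed sample: verbose listing after the signed reply was imported.
sample_signed() {
    cat <<'EOF'
Alias name: entrust-l1b
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA

Alias name: pkiwebservices
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=ws.example.org
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
EOF
}

# Constructed sample: the same alias before the import (self-signed).
sample_self_signed() {
    printf '%s\n' 'Alias name: pkiwebservices' 'Entry type: PrivateKeyEntry' \
        'Certificate chain length: 1' 'Certificate[1]:' \
        'Owner: CN=ws.example.org' 'Issuer: CN=ws.example.org'
}

sample_signed | check_signed_entry pkiwebservices
```

Against a real keystore, pipe `keytool -list -v -keystore mywebservices.bin` into `check_signed_entry pkiwebservices`.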
Configure Tomcat to Use the SSL Certificate
The final step is to configure Tomcat to use SSL.
Resources
This is an abridged and modified version of the following articles:
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
http://www.manpagez.com/man/1/keytool/ - section on Certificate Chains was helpful