www.bonsaiframework.com
Page tree

Versions Compared

Old Version 8

changes.mady.by.user Tin Pham

Saved on

compared with

New Version 9

changes.mady.by.user Tin Pham

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this example we are generating a key called <your_cert_alias> and storing it in a brand new keystore called mywebservices.bin.

Code Block
langlanguagehtmlxml
su - serveradmin
cd /opt/jre1.6.0_12/bin/
# Create a local Certificate
keytool -genkey -alias <your_cert_alias> -keyalg RSA -keystore mywebservices.bin

...

As a result, a brand new keystore file is generated. You can confirm this,

Code Block
langlanguagehtmlxml
keytool -keystore mywebservices.bin -list

Enter keystore password:  ******

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

mywebservices, Oct 8, 2009, keyEntry,
Certificate fingerprint (MD5): 02:70:28:DE:A6:BC:0B:5E:3C:FB:BF:B3:68:8F:0F:32

...

In this step we generate the request for the SSL certificate.

Code Block
langlanguagehtmlxml
# Generate the CSR (Certificate Service Request)
keytool -certreq -keyalg RSA -alias mywebservices -file mywebservices.csr -keystore mywebservices.bin
# It is important that the cert files be in the webapps directory
mv mywebservices.* /opt/apache-tomcat-6.0.18/webapps/

...

Take a look inside your keystore and you should see the newly added certs with their unique alias.



Code Block
langlanguagehtmlbash
eytool -keystore mywebservices.bin -list
entrust-l1b, Oct 9, 2009, trustedCertEntry,
Certificate fingerprint (MD5): C2:DF:86:BD:E4:8B:FF:26:4D:AE:6A:26:1D:7A:70:D9
entrust-2048-root, Oct 9, 2009, trustedCertEntry,
Certificate fingerprint (MD5): CC:23:87:09:9B:09:3A:6F:5E:62:EB:F4:73:54:E9:28
pkiwebservices, Oct 8, 2009, keyEntry,
Certificate fingerprint (MD5): 02:70:28:DE:A6:BC:0B:5E:3C:FB:BF:B3:68:8F:0F:32

...

Finally you can import your new Certificate making sure to use the same alias on the initial generation, pkiwebservices as you are replacing the self-signed cert already in the keystore.

Code Block
langlanguagehtmlxml
keytool -import -alias mywebservices -keystore mywebservices.bin -trustcacerts -file <filename_of_the_chain_certificate>
Certificate reply was installed in keystore # This is the expected response

...