Generate Keys 2

Status
Not open for further replies.

yama

Programmer
Jun 28, 2001
69
SG
Hi, I am using JBuilder 4 with Tomcat 3.1. Recently, I wanted to implement SSL for my website, so I went to Verisign.com to sign up for a trial Server ID. In the process, they request the web server to generate a private and CSR key. They have instructions for various servers but not Tomcat.
Is there any way to generate keys for SSL?
Thanks!
 
Hmm... I have gone through the page but I have a bit of a problem understanding it completely.
Firstly, do I have to download the JSSE from Sun Microsystems to enable SSL, or do I just type in the code needed to activate SSL?

Secondly, if I have downloaded the JSSE, where do I put the files? I am using JBuilder and it's a bit of a problem because JBuilder does everything for me; I am not very sure of the directory structure.

Thirdly, do I not need to use a Verisign product for encryption after using the JSSE to generate the certs?

Thanks, and sorry for the trouble.
 
Tomcat Documentation:
Code:
jsse jars MUST BE IN BOTH CLASSPATH and $JAVA_HOME/jre/lib/ext (JAVA > 1.2) 
from server.xml doc. You _need_ to set up a server certificate if you want this to work, and you need JSSE.
Add JSSE jars to CLASSPATH 
Edit $JAVA_HOME/jre/lib/security/java.security
Add: security.provider.2=com.sun.net.ssl.internal.ssl.Provider 
Do: keytool -genkey -alias tomcat -keyalg RSA
RSA is essential to work with Netscape and IIS. Use "changeit" as password (or add keypass attribute). You don't need to sign the certificate. You can set parameter keystore and keypass if you want to change the default ($HOME/.keystore with changeit) 
I suggest you install jcert.jar, jnet.jar and jsse.jar in $JAVA_HOME/jre/lib/ext and then add them to your CLASSPATH

export CLASSPATH=$JAVA_HOME/jre/lib/ext/jcert.jar:$CLASSPATH
export CLASSPATH=$JAVA_HOME/jre/lib/ext/jnet.jar:$CLASSPATH
export CLASSPATH=$JAVA_HOME/jre/lib/ext/jsse.jar:$CLASSPATH

You could also copy the 3 jars into $TOMCAT_HOME/lib/ so they are under the existing CLASSPATH at tomcat startup (tomcat.sh).

My Translation:
1) Go download JSSE at . You will need to register and all that jazz.
2) Unzip the file and copy the contents of lib into your JAVA_HOME/jre/lib/ext directory. Also copy these to TOMCAT_HOME/lib.
3) Add the jar files to your System CLASSPATH.
4) Open JAVA_HOME/jre/lib/security/java.security and add a new provider to the Security provider list: security.provider.3=com.sun.net.ssl.internal.ssl.Provider
5) Generate your key file by running:
keytool -genkey -alias tomcat -keyalg RSA
Additionally you can specify the location for the .keystore file with the -keystore option. The default location is USER_HOME/. The Tomcat instructions give a bit more info on this piece. It is pretty straight-forward.
6) Place the .keystore file wherever you like and edit your Tomcat server.xml file. Specifically you need the following:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/> <!-- Your Choice -->
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
<Parameter name="keystore" value="/var/tomcat/conf/keystore" /> <!-- Your Choice -->
<Parameter name="keypass" value="changeit"/> <!-- Your Choice -->
<Parameter name="clientAuth" value="true"/>
</Connector>

That should be it. I am going to write another post explaining the whole Verisign thing and why it is important.
Wushutwist
 
Oh... thanks a lot for your help, will be waiting for your post =)
Thanks again
 
Hmm... sorry to bother you again, but where are JAVA_HOME and TOMCAT_HOME found in JBuilder?
In my JBuilder, I have a folder called jdk1.3, which has the subfolder jre --> lib but no ext. How should I go about it?
Thanks!
 
Use whatever JDK is on your System CLASSPATH. If an ext directory does not exist, then just create one.

Also for step 5 in my instructions:
5) Generate your key file by running:
keytool -genkey -alias tomcat -keyalg RSA
Additionally you can specify the location for the .keystore file with the -keystore option. The default location is USER_HOME/. The Tomcat instructions give a bit more info on this piece. It is pretty straight-forward.

This is executed from your command prompt. That is why it is important to make sure you have everything you need on your System CLASSPATH.
Wushutwist
 
Hmm... I know my question sounds a bit stupid, but where is the system classpath?
Thanks!
 
Hmm... I generated my .keystore file and put it into C:\JBuilder4\tomcat\conf
What configuration do I make to server.xml concerning --> <Parameter name="keystore" value="/var/tomcat/conf/keystore" /> ? And how do I implement SSL on my website?
Thanks!
 
Hi, another question here =)
How do I generate my .csr file after I generate the .keystore file?
I need the CSR file to register with Verisign. Thanks
 
I am not so sure about this. You may want to contact Verisign and they should be able to help you. Unless someone else here has any input.
Wushutwist
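
For the CSR question above, an added example (not part of the thread and not Tomcat's or Verisign's own instructions) of the keytool sequence: generate the key pair, export a certificate request for the same alias, then import the CA's reply. The keystore path, subject name and the `KS_PASS` environment variable are assumptions, and the `:env` password modifier assumes a current JDK keytool.

```shell
#!/bin/sh
# Added example, not from the thread: key pair, CSR and CA reply with keytool.
# KS, DNAME and the KS_PASS variable are assumptions made for illustration.
set -eu

ALIAS="tomcat"                                   # alias used in the thread
KS="${KS:-./tomcat.keystore}"                    # assumed keystore path
DNAME="${DNAME:-CN=www.example.test, O=Example Org, C=SG}"  # constructed subject

# 1. Key pair plus a self-signed placeholder certificate.
#    The password is read from $KS_PASS, not passed as a command-line argument.
gen_keypair() {
    keytool -genkey -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "$DNAME" -validity 90 -keystore "$KS" \
        -storepass:env KS_PASS -keypass:env KS_PASS
    chmod 600 "$KS"                              # file contains the private key
}

# 2. PKCS#10 request for the same alias; only this file is sent to the CA.
gen_csr() {                                      # $1 = output CSR path
    keytool -certreq -alias "$ALIAS" -keystore "$KS" \
        -storepass:env KS_PASS -file "$1"
}

# 3. After the CA answers: trust its certificate, then replace the self-signed
#    certificate under the original alias with the signed one.
import_reply() {                                 # $1 = CA cert, $2 = signed cert
    keytool -import -trustcacerts -noprompt -alias ca -file "$1" \
        -keystore "$KS" -storepass:env KS_PASS
    keytool -import -alias "$ALIAS" -file "$2" \
        -keystore "$KS" -storepass:env KS_PASS
}

# Run as: KS_PASS=... sh make_csr.sh --run
if [ "${1:-}" = "--run" ]; then
    export KS_PASS
    gen_keypair
    gen_csr ./tomcat.csr
    echo "CSR written to ./tomcat.csr"
fi
```

The private key never leaves the keystore in this flow, and the `keypass` parameter in server.xml has to match the password the keystore was created with.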
 
Hi, may I know how you set up SSL for your page? I am having trouble trying to set up a connection over the HTTPS protocol.
Thanks!
 