Thursday, September 2, 2010

CREATING DOUBLE SSL CERTIFICATE USING TOMCAT JAVA 5

Steps for creating a double SSL certificate:

Step 1

Create a Keystore:

Command : keytool -genkey -v -alias tomcat -keyalg RSA -validity 3650 -keystore yourcompany.keystore

This leads to a series of questions, where I am giving the password as "changeit" (wherever required):

First and Last Name: localhost/IP Address

Organization Unit: IT

Organization Name: Your company name

City: Bangalore

State: Karnataka

Country (two letter code): IN

Step 2

Creating Client cert and Keys

Command: keytool -genkey -v -alias KumarPallavCert -keyalg RSA -storetype PKCS12 -keystore KumarPallav.p12

Password: changeit

First Name or Last Name

The rest of the details are the same as in the first step.

Step 3

Adding Certificate Public key to keystore

Command: keytool -export -alias KumarPallavCert -keystore KumarPallav.p12 -storetype PKCS12 -rfc -file kumarpallav.cer

Step 4

Command : keytool -import -v -file kumarpallav.cer -keystore yourcompany.keystore -alias KumarPallavCert

Password: changeit
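
The four keytool steps above as a non-interactive script, followed by a check that the certificate imported into yourcompany.keystore is the same one stored in KumarPallav.p12. This is an added example, not part of the original post; the -dname, -storepass, -keypass and -noprompt options stand in for the interactive prompts, and the client CN (example-client) and the *.check.cer file names are assumed placeholders.

```shell
#!/bin/sh
# Added example: steps 1-4 run without prompts, then verified.
# Keystore names and aliases are the page's; CLIENT_DN is a constructed placeholder.
SERVER_DN="CN=localhost, OU=IT, O=Your company name, L=Bangalore, ST=Karnataka, C=IN"
CLIENT_DN="CN=example-client, OU=IT, O=Your company name, L=Bangalore, ST=Karnataka, C=IN"

# build_stores PASSWORD
# Creates the server keystore and the client PKCS12 file, exports the client
# certificate and imports it into the server keystore as a trusted entry.
build_stores() {
  pw=$1
  keytool -genkey -alias tomcat -keyalg RSA -validity 3650 \
    -dname "$SERVER_DN" -keystore yourcompany.keystore \
    -storepass "$pw" -keypass "$pw" &&
  keytool -genkey -alias KumarPallavCert -keyalg RSA -storetype PKCS12 \
    -dname "$CLIENT_DN" -keystore KumarPallav.p12 \
    -storepass "$pw" -keypass "$pw" &&
  keytool -export -alias KumarPallavCert -keystore KumarPallav.p12 \
    -storetype PKCS12 -storepass "$pw" -rfc -file kumarpallav.cer &&
  keytool -import -noprompt -file kumarpallav.cer -alias KumarPallavCert \
    -keystore yourcompany.keystore -storepass "$pw"
}

# verify_stores PASSWORD
# Returns 0 only if the certificate Tomcat will trust (from yourcompany.keystore)
# is byte-for-byte the certificate held in the client's PKCS12 file.
verify_stores() {
  pw=$1
  keytool -export -alias KumarPallavCert -keystore yourcompany.keystore \
    -storepass "$pw" -rfc -file trusted.check.cer &&
  keytool -export -alias KumarPallavCert -keystore KumarPallav.p12 \
    -storetype PKCS12 -storepass "$pw" -rfc -file client.check.cer &&
  cmp -s trusted.check.cer client.check.cer
  rc=$?
  rm -f trusted.check.cer client.check.cer   # remove the temporary exports
  return $rc
}
```

Source the file in an empty working directory and run build_stores changeit followed by verify_stores changeit; a non-zero status from verify_stores means the truststore does not hold the client's certificate, so Tomcat would reject that client when clientAuth="true".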

Configuring server.xml in tomcat/conf

Add the following lines:

<!-- clientAuth="true" makes Tomcat require a client certificate that is trusted by the truststore -->
<Connector port="8443" minProcessors="5" maxProcessors="75"
           protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="yourcompany.keystore"
           keystorePass="changeit"
           truststoreFile="yourcompany.keystore"
           truststorePass="changeit"
/>

NB: Put yourcompany.keystore inside the Tomcat root directory (for example ApacheTomcat6.0.14), alongside directories such as conf, bin, etc.