SSL Certificates

Securing Your Online Business

Jakarta Tomcat

Open a new command prompt.

  1. Create a local Certificate keystore.

    keytool -genkey -alias tomcat -keyalg RSA -keystore <keystore_location>

    Important:
    ! Always specify your keystore location when it is being created.
    ! If you are renewing your certificate, you must create a new key pair and keystore.
    ! Please use the SAME alias when creating your CSR and installing your certificate that you used to create your self-signed keystore.

    As an example:

    C:\>keytool -genkey -alias myalias -keyalg RSA -keystore c:\.mykeystore
    Enter keystore password: password
    What is your first and last name?
    [Unknown]: www.testcertificates.com
    What is the name of your organizational unit?
    [Unknown]: Entrust CS
    What is the name of your organization?
    [Unknown]: Entrust
    What is the name of your City or Locality?
    [Unknown]: Ottawa
    What is the name of your State or Province?
    [Unknown]: Ontario
    What is the two-letter country code for this unit?
    [Unknown]: CA
    Is CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA correct?
    [no]: yes

    Enter key password for <myalias>
    (RETURN if same as keystore password):

    The same password MUST be used.

    Important: Tomcat will recognize the location of this keystore even if the specified attributes in your server.xml point to a different keystore.

    C:\>

  2. Confirm your keystore has been created.

    C:\>keytool -list -v -keystore c:\.mykeystore
    Enter keystore password: password

    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: myalias
    Creation date: Jan 8, 2003
    Entry type: keyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA
    Issuer: CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA
    Serial number: 3e1cd4e9
    Valid from: Wed Jan 08 20:48:25 EST 2003 until: Tue Apr 08 21:48:25 EDT 2003
    Certificate fingerprints:
       MD5: D0:BA:7C:A4:D1:D9:CF:46:38:E5:48:22:8E:AB:E2:9B
       SHA1: 4A:33:FA:11:D6:5F:F4:73:9D:7A:2B:E2:89:F8:C3:57:69:0C:DC:7E
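
The confirmation in step 2 can be scripted so that an alias mismatch, a missing private key or an expired self-signed certificate is caught before the CSR and install steps. The following is an added example, not part of the original instructions; the function names are hypothetical and the sample input is constructed from the listing above.

```python
import re
from datetime import datetime

# Constructed sample: trimmed `keytool -list -v` output for the keystore from step 2.
SAMPLE = """\
Alias name: myalias
Entry type: keyEntry
Certificate[1]:
Owner: CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA
Issuer: CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA
Valid from: Wed Jan 08 20:48:25 EST 2003 until: Tue Apr 08 21:48:25 EDT 2003
"""

def parse_entries(text):
    """Return one dict of 'Field: value' pairs per alias in the listing."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # headers such as "Certificate[1]:" carry no value
        if key == "Alias name":
            entries.append({})
        if entries:
            entries[-1][key] = value
    return entries

def not_after(entry):
    """Parse the 'until' date, ignoring the time zone abbreviation."""
    m = re.search(r"until: \w{3} (\w{3} \d{1,2}) [\d:]+ \w+ (\d{4})", entry.get("Valid from", ""))
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %Y") if m else None

def check_entry(entry, expected_alias, now):
    """List the problems that would break the later CSR and install steps."""
    problems = []
    # JKS aliases are case-insensitive, so compare them lowercased.
    if entry.get("Alias name", "").lower() != expected_alias.lower():
        problems.append("alias mismatch")
    # Newer keytool releases print PrivateKeyEntry instead of keyEntry.
    if entry.get("Entry type") not in ("keyEntry", "PrivateKeyEntry"):
        problems.append("no private key")
    expires = not_after(entry)
    if expires is None or expires < now:
        problems.append("expired or unreadable validity")
    return problems

def is_self_signed(entry):
    """Owner == Issuer means the CA-issued certificate has not been imported yet."""
    return "Owner" in entry and entry["Owner"] == entry.get("Issuer")

if __name__ == "__main__":
    print([check_entry(e, "myalias", datetime.now()) for e in parse_entries(SAMPLE)])
```

In practice the text passed to `parse_entries` would be the captured output of the `keytool -list -v` command from step 2.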