PDA

View Full Version : [ubuntu] create CA and sign a certificate to use it with Tomcat



lulon
May 4th, 2008, 06:47 PM
Hi, I need help with this, please, I'm doing my final project degree.

I want to create a CA to sign my certificate. This is what I do:

1. I've created my certificate with keytool.

2. With this certificate I've created my CSR

3. I've created a new CA with Openssl:


./CA.pl -newca


a name
secret passphrase for the private key
more information


4. I've rename the CSR with the name "newreq.pem" and then I've signed it.


./CA.pl -sign

5. Now, I have the new certificate signed, "newcert.pem"

6. What do I have to do for use them with Tomcat??
I think I have to install the CA certificate and the signed certificate, but how??

Thanks.

cbobb@alinean.com
May 8th, 2008, 10:15 PM
If you are using tomcat 6.x

Generate the cert / csr creation:

http://www.digicert.com/csr-creation-tomcat.htm

Install the generated cert into the Tomcat Keystore:

http://www.digicert.com/ssl-certificate-installation-tomcat.htm

Hope that helps.

datajelly
August 15th, 2008, 05:17 AM
I had originally bumped into some problems getting SSL installed in Tomcat. I think basically what you'll need to do is convert the .pem file into a .p12 file. I've written up the steps I took to get it running. It was originally done for Windows (ugh), but we've since moved it over to Ubuntu with no problems, I hope you might find it helpful:

http://blog.datajelly.com/2007/06/adding-ssl-to-tomcat.html