- Send the CSR to a Certificate Authority (CA) to obtain a signed certificate.
- Create a keystore that includes both the private key and the signed certificate.
- Configure Tomcat to enable HTTPS and use the keystore.

Tomcat supports two protocols for handling HTTPS, APR/native and NIO, which are described below. Each protocol uses a different keystore format. Though it is possible to convert from one format to the other, we recommend creating the keystore, the certificate and the key files in the format specific to the protocol from the beginning.

The APR/native protocol requires OpenSSL and the Tomcat Native library to be installed. If you choose this option, use OpenSSL to create the certificate in the PKCS #12 format.

The NIO protocol is implemented in pure Java and uses the JKS keystore type. If you choose this option, use the KeyStore Explorer to create the certificate and the keystore.

Create Certificate and Certificate Signing Request

The first step is to create a keypair that consists of a private key and certificate which will be wrapped in a Certificate Signing Request (CSR).

- Install OpenSSL (or download the OpenSSL binaries). For Windows, unpack the downloaded file to C:\eMuseum\ and define environment variables by opening a command prompt and running these two commands:
- (replace collections-mymuseum-org with the same value as in the previous step)

    openssl req -new -key collections-mymuseum-org-key.pem -out collections-mymuseum-org.csr

- When prompted, provide the following information:
  - The Common Name (CN) must be the fully qualified domain name of the site, e.g.
  - Press enter when prompted for "challenge password".
  - Press enter when prompted for "company name".

- Download and install the KeyStore Explorer application.
- Go to the Tools menu and select Generate Key Pair.
- In the Generate Key Pair prompt select RSA and make sure the Key Size is set to 2,048.
- On the Generate Key Pair Certificate screen:
  - Select SHA-256 with RSA as the signature algorithm.
  - Select 1 to 5 years for the validity period. The validity period determines how long the certificate will be valid.
- Click the save icon or go to the File menu and select Save.
- Browse to the root of the Tomcat installation directory.
- Enter a file name value such as Change this value to match your eMuseum domain plus.
- Create a Certificate Signing Request (CSR):
  - Right-click on the private key and select Generate CSR.
  - Browse to select a location to save the.

Use the CSR file generated in the steps above to obtain a signed certificate from your preferred Certificate Authority (CA). You will get back a signed certificate and optionally an intermediate and a root certificate that are specific to the CA.

The PKCS #12 format is the right format for using the APR/native protocol. If the private key and the certificate have been created using OpenSSL, they are already in the PKCS #12 format. Make sure that the intermediate certificate is included in the .crt file together with the signed certificate.

The JKS format is the right format for using the NIO protocol. If the private key and the certificate have been created with the KeyStore Explorer, import the signed certificate back into the keystore:

- Right-click on the private key and select Import CA Reply → From File.
- Browse to the signed certificate from the CA.
- Go to the Tools menu and select Import Trusted Certificate.
- Browse to the intermediate certificate file and select it.
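The OpenSSL key and CSR steps above can be scripted and the result checked before the CSR is sent to the CA. This is an added example, not part of the original instructions: the function names make_csr and check_csr and the host name used when calling them are assumptions, while the file names follow the page's collections-mymuseum-org pattern.

```shell
#!/bin/sh
# Added example: non-interactive key + CSR creation and pre-submission checks.
# make_csr / check_csr are hypothetical helper names, not from the page.

# make_csr BASENAME FQDN DIR -> writes DIR/BASENAME-key.pem and DIR/BASENAME.csr
make_csr() {
    base=$1; fqdn=$2; dir=$3
    # umask 077 keeps the private key unreadable to other local users.
    ( umask 077 && openssl genrsa -out "$dir/$base-key.pem" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$dir/$base-key.pem" \
        -subj "/CN=$fqdn" -out "$dir/$base.csr"
}

# check_csr CSR KEY FQDN -> 0 only if every check passes
check_csr() {
    csr=$1; key=$2; fqdn=$3
    # 1. The CSR's self-signature verifies. The output text is checked
    #    because older OpenSSL releases exit 0 even on a verify failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The CSR was built from this private key (same RSA modulus).
    m_csr=$(openssl req -in "$csr" -noout -modulus) || return 1
    m_key=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 1
    [ "$m_csr" = "$m_key" ] || return 2
    # 3. Key is at least 2048 bits (4 bits per hex digit of the modulus).
    hex=${m_csr#Modulus=}
    [ $(( ${#hex} * 4 )) -ge 2048 ] || return 3
    # 4. Signed with SHA-256 with RSA.
    openssl req -in "$csr" -noout -text | grep -q 'sha256WithRSAEncryption' || return 4
    # 5. Common Name is the expected fully qualified domain name.
    subj=$(openssl req -in "$csr" -noout -subject | tr -d ' ')
    case $subj in *"CN=$fqdn") return 0 ;; *) return 5 ;; esac
}
```

Call make_csr with the file base name, the site's fully qualified domain name and an output directory, then check_csr with the resulting .csr, the key file and the same domain name; a non-zero return identifies the failed check by its number in the comments.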