Monday, August 30, 2010

How to generate & add certificates using keytool

Some times you need to use secure http calls depending upon requirements.

At that time if you want to generate a certificate temporarily here are the simple steps for how to generate , put it in JDK & how to configure the same in server (Here i am using tomcat).I got explored a bit while integrating CAS with Liferay.

C:\Documents and Settings\nagendra.busam>keytool -genkey -alias cas-liferay-infocast -keypass changeit -keyalg RSA
Enter keystore password:
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: Information systems
What is the name of your organization?
[Unknown]: CIGNEX
What is the name of your City or Locality?
[Unknown]: AHMEDABAD
What is the name of your State or Province?
[Unknown]: GUJARAT
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=localhost, OU=Information systems, O=CIGNEX, L=AHMEDABAD, ST=GUJARAT, C=IN correct?
[no]: yes

C:\Documents and Settings\nagendra.busam>keytool -export -alias cas-liferay -keypass changeit -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt
Enter keystore password:
Certificate stored in file

C:\Documents and Settings\nagendra.busam>keytool -import -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keypass changeit -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts
Enter keystore password:
keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists

Some times you will get above error (here mykey is the default alias - it might have taken already). In that case import the certificate with alias name as below
C:\Documents and Settings\nagendra.busam>keytool -import -alias cas-liferay-infocast -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts

Here is my server.xml related change in TOMCAT_HOME/conf

Search for 8443 in that file, you will find some thing like this
<connector clientauth="false" maxthreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslenabled="true" sslprotocol="TLS"></connector>
change above to
<connector clientauth="false" keyalias="cas-liferay-infocast" maxthreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslenabled="true" sslprotocol="TLS"
keystorefile="C:/Documents and Settings/nagendra.busam/.keystore" keystorepass="changeit"
Reference link(s)

No comments:

Post a Comment