Some times you need to use secure http calls depending upon requirements.
At that time if you want to generate a certificate temporarily here are the simple steps for how to generate , put it in JDK & how to configure the same in server (Here i am using tomcat).I got explored a bit while integrating CAS with Liferay.
C:\Documents and Settings\nagendra.busam>keytool -genkey -alias cas-liferay-infocast -keypass changeit -keyalg RSA
Enter keystore password:
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: Information systems
What is the name of your organization?
[Unknown]: CIGNEX
What is the name of your City or Locality?
[Unknown]: AHMEDABAD
What is the name of your State or Province?
[Unknown]: GUJARAT
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=localhost, OU=Information systems, O=CIGNEX, L=AHMEDABAD, ST=GUJARAT, C=IN correct?
[no]: yes
C:\Documents and Settings\nagendra.busam>keytool -export -alias cas-liferay -keypass changeit -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt
Enter keystore password:
Certificate stored in file
C:\Documents and Settings\nagendra.busam>keytool -import -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keypass changeit -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts
Enter keystore password:
keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists
Some times you will get above error (here mykey is the default alias - it might have taken already). In that case import the certificate with alias name as below
C:\Documents and Settings\nagendra.busam>keytool -import -alias cas-liferay-infocast -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts
Here is my server.xml related change in TOMCAT_HOME/conf
Search for 8443 in that file, you will find some thing like this
C:\Documents and Settings\nagendra.busam>keytool -import -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keypass changeit -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts
Enter keystore password:
keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists
Some times you will get above error (here mykey is the default alias - it might have taken already). In that case import the certificate with alias name as below
C:\Documents and Settings\nagendra.busam>keytool -import -alias cas-liferay-infocast -file D:\projects\liferay\project-docs\infocast\server_cas_infocast.crt -keystore C:\Java\jdk1.6.0_19\jre\lib\security\cacerts
Here is my server.xml related change in TOMCAT_HOME/conf
Search for 8443 in that file, you will find some thing like this
<connector clientauth="false" maxthreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslenabled="true" sslprotocol="TLS"></connector>
change above to
<connector clientauth="false" keyalias="cas-liferay-infocast" maxthreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslenabled="true" sslprotocol="TLS"
keystorefile="C:/Documents and Settings/nagendra.busam/.keystore" keystorepass="changeit"
truststorefile="C:/Java/jdk1.6.0_19/jre/lib/security/cacerts"></connector>
Reference link(s)
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
No comments:
Post a Comment