How do I install SSL for my container?
Created May 7, 2012
See:
- installing the Sun Secure Socket extension
- keytool
- and the documentation for your container.
Here are some common configuration mistakes:
- When installing standard extensions, install them under $JAVA_HOME/jre/lib/ext -- not under $JAVA_HOME/lib/ext.
- If Struts links do not appear under SSL, see step 7 on the Secure Socket Extension page.
- You may need to add
  -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
  to the command line which loads your container.
- If you have trouble importing your license key, be sure that your text file is saved in standard UNIX file format.
Here's a bird's-eye overview:
1. Install JSSE
2. Create a new keystore for certificate requests, using the template that ships with Java
cp cacerts MY_SERVER.keystore
3. Change the default password
keytool -storepasswd -storepass changeit -new MY_KEYSTORE_PASSWORD -keystore MY_SERVER.keystore
4. Generate a key, specifying an alias to use for this certificate
keytool -genkey -keyalg RSA -alias MY_SERVER_ALIAS -storepass MY_KEYSTORE_PASSWORD -keystore MY_SERVER.keystore
Answer the questions, using your machine's fully-qualified name (www.myserver.com) for "first and last name".
Use the same password for the key (using another password is not implemented).
5. Create a certificate request, based on the key created for the alias (step 4).
keytool -certreq -alias MY_SERVER_ALIAS -storepass MY_KEYSTORE_PASSWORD -keystore MY_SERVER.keystore
Capture the output to a text file (MY_SERVER.crs), being sure to keep a backup copy in a safe place. This is your Certificate Request.
6. Generate a test certificate with Thawte, or another authority, to be sure everything works, and import the certificate returned (MY_SERVER.crt) for this alias.
keytool -import -alias MY_SERVER_ALIAS -storepass MY_KEYSTORE_PASSWORD -keystore MY_SERVER.keystore -file MY_SERVER.crt
7. Repeat previous step to obtain a production certificate (unless you are self-signing for intranet use). When you import the production certificate, it will replace the test version.
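The seven steps above as one script, added here as an example rather than taken from the page. It assumes keytool from a modern JDK on PATH (JSSE is bundled, so step 1 needs no separate install) and that you supply the CA's reply file for the import step; it also folds in the UNIX-line-ending check from the mistakes list.

```shell
#!/bin/sh
# Added example (not from the page): the bird's-eye procedure as shell
# functions. Assumes keytool from a modern JDK on PATH (JSSE is bundled,
# so step 1 needs nothing) and a CA reply file for the import step.
set -u
KS=${KS:-MY_SERVER.keystore}               # keystore file (step 2)
ALIAS=${ALIAS:-MY_SERVER_ALIAS}            # certificate alias (step 4)
FQDN=${FQDN:-www.myserver.com}             # "first and last name" (step 4)
STOREPASS=${STOREPASS:-MY_KEYSTORE_PASSWORD}
CSR=${CSR:-MY_SERVER.csr}                  # request file (step 5)
# Steps 2-3: copy the cacerts template (pre-9 or 9+ JDK layout) and replace
# its well-known default password; fall back to letting -genkeypair create
# a fresh store when no usable template is found.
create_keystore() {
  for c in "${JAVA_HOME:-/nonexistent}/jre/lib/security/cacerts" \
           "${JAVA_HOME:-/nonexistent}/lib/security/cacerts"; do
    [ -f "$c" ] || continue
    cp "$c" "$KS" || return 1
    keytool -storepasswd -storepass changeit -new "$STOREPASS" \
      -keystore "$KS" && return 0
    rm -f "$KS"
  done
  return 0
}
# Step 4: -dname answers the prompts; key password equals store password.
generate_key() {
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -alias "$ALIAS" \
    -dname "CN=$FQDN" -storepass "$STOREPASS" -keypass "$STOREPASS" -keystore "$KS"
}
# Step 5: the request for that alias, written to $CSR instead of stdout.
create_request() {
  keytool -certreq -alias "$ALIAS" -file "$CSR" -storepass "$STOREPASS" -keystore "$KS"
}
# Steps 6-7: import the CA reply (test or production) under the same alias.
import_reply() {   # $1 = certificate file returned by the CA
  keytool -importcert -trustcacerts -noprompt -alias "$ALIAS" -file "$1" \
    -storepass "$STOREPASS" -keystore "$KS"
}
# The "UNIX file format" check from the mistakes list: fails on any CR byte.
is_unix_text() { ! grep -q "$(printf '\r')" -- "$1"; }
# True when the keystore holds a private key entry under $ALIAS.
has_key_entry() {
  keytool -list -alias "$ALIAS" -storepass "$STOREPASS" -keystore "$KS" \
    2>/dev/null | grep -q PrivateKeyEntry
}
main() {
  create_keystore && generate_key && create_request && has_key_entry || exit 1
  is_unix_text "$CSR" || echo "warning: $CSR has DOS line endings" >&2
  echo "key '$ALIAS' is in $KS; send $CSR to the CA, then run import_reply"
}
case "${1:-}" in run) main ;; esac
```

Run it as `sh setup_keystore.sh run`; override KS, ALIAS, FQDN or STOREPASS in the environment to change the placeholder names.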