...
Note: If you followed the example above for generating a self-signed certificate, the "keyAlias" here would be "tomcat".
Verifying Client Certificates
Tomcat references a different keystore when asked to verify certificates presented by clients. To import a CA certificate into that keystore, point keytool's -keystore option at its location:
```
[root@casweb4 security]# $JAVA_HOME/bin/keytool -v -import -alias iet-ca -file /root/ucd_iet_ca.pem -trustcacerts -keystore /ucd/opt/java5/jre/lib/security/cacerts
Enter keystore password: changeit
Owner: EMAILADDRESS=iet-ca@ucdavis.edu, CN=UC Davis IET CA, OU=IET, O=University of California Davis, L=Davis, ST=California, C=US
Issuer: EMAILADDRESS=iet-ca@ucdavis.edu, CN=UC Davis IET CA, OU=IET, O=University of California Davis, L=Davis, ST=California, C=US
Serial number: 0
Valid from: Mon Apr 28 10:54:40 PDT 2003 until: Thu Apr 25 10:54:40 PDT 2013
Certificate fingerprints:
MD5: B1:63:EA:67:25:4E:95:41:A6:48:4D:55:EC:59:50:91
SHA1: C1:93:56:E5:36:3F:F7:5C:5D:C1:D1:6D:AE:EB:A7:8E:AD:85:21:84
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing /ucd/opt/java5/jre/lib/security/cacerts]
[root@casweb4 security]#
```
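Before answering yes at the "Trust this certificate?" prompt, compare the printed fingerprint with a value obtained from the CA out of band. The following is an added example, not part of the original page: it recomputes the fingerprint keytool prints (the digest of the certificate's DER bytes) and checks it against an expected value. The function names and the constructed sample bytes are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes wrapped in PEM armor, NOT a real
# X.509 certificate. The fingerprint is a digest of whatever bytes are armored.
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded CA certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem_text):
    """Return the DER bytes of the first CERTIFICATE block in pem_text."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(der, algorithm="sha1"):
    """Format the digest of the DER bytes the way keytool prints it."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalize(fp):
    # Accept "C1:93:..." or "c1 93 ..."; pass the hex pairs only, no label.
    return fp.replace(":", "").replace(" ", "").strip().upper().encode()

def matches_expected(pem_text, expected_fp, algorithm="sha1"):
    """True only if the file's fingerprint equals the out-of-band value."""
    actual = fingerprint(pem_to_der(pem_text), algorithm)
    return hmac.compare_digest(_normalize(actual), _normalize(expected_fp))

if __name__ == "__main__":
    # Usage: script.py <ca.pem> <expected fingerprint>; exit 1 on mismatch
    # so a wrapper can refuse to run the keytool import.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="ascii") as handle:
            ok = matches_expected(handle.read(), sys.argv[2])
    else:
        ok = matches_expected(SAMPLE_PEM, fingerprint(SAMPLE_DER))
    print("fingerprint matches" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

The default algorithm is SHA-1 to match the keytool output shown above; pass `"sha256"` when the CA publishes a SHA-256 fingerprint.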