|
|
| (2 intermediate revisions not shown) |
| Line 1: |
Line 1: |
| | [[Category:Glossary]] | | [[Category:Glossary]] |
| - |
| |
| - | If the cert is completely unusable or corrupt you must contact thwate tech support, they will need a CSR cert. The below is the steps on how to recreate a new cert from scratch.
| |
| - |
| |
| - |
| |
| - | STEP 1:
| |
| - |
| |
| - | Using the java keytool command line utility located at /usr/local/jre1.6.0_13/bin, the first thing you need to do is create a keystore and generate the key pair. Do this with the following command:
| |
| - |
| |
| - | ./keytool -genkey -keysize 2048 -keyalg RSA -alias [enter Alias name] -keystore [enter Keystore Name]
| |
| - |
| |
| - |
| |
| - | Enter keystore password: Choose a password and enter it when prompted to do so.
| |
| - |
| |
| - | What is your first and last name?
| |
| - | [Unknown]: ct.jaguarfreight.com
| |
| - |
| |
| - | What is the name of your organizational unit?
| |
| - | [Unknown]: IT Department
| |
| - |
| |
| - | What is the name of your organization?
| |
| - | [Unknown]: Jaguar Freight Services
| |
| - |
| |
| - | What is the name of your City or Locality?
| |
| - | [Unknown]: Valley Stream
| |
| - |
| |
| - | What is the name of your State or Province?
| |
| - | [Unknown]: New York
| |
| - |
| |
| - | What is the two-letter country code for this unit?
| |
| - | [Unknown]: US
| |
| - |
| |
| - | Is CN=ct.jaguarfreight.com, OU=IT Department, O=Jaguar Freight Services, L=Valley Stream, ST=NY, C=US correct?
| |
| - | [no]: yes
| |
| - |
| |
| - | Enter key password for <"alias">
| |
| - | (RETURN if same as keystore password)
| |
| - |
| |
| - | '''NOTE:''' Please specify the same password for the keystore and the keyentry or else you will receive the following error message when you restart the jakarta engine: "java.security.UnrecoverableKeyException: Cannot recover key"
| |
| - |
| |
| - | Note, that a keystore was created.
| |
| - |
| |
| - | Please run: ./keytool -list -keystore [keystorename] to make sure you can read the keystore file.
| |
| - |
| |
| - | The keystore will be stored in your JDK/bin directory. Create a copy of the keystore file and store it on a removable disk for safe keeping in case of a server crash.
| |
| - |
| |
| - | STEP 2:
| |
| - |
| |
| - | Backup Keystore file: To backup the keystore file with the keyentry just created,
| |
| - |
| |
| - | 1) cp -a [ the keystore name used ] [keystore name ].bak
| |
| - |
| |
| - | 2) scp -a [keystore name].bak root@dev.jaguarfreight.com:/root
| |
| - |
| |
| - | STEP 3:
| |
| - |
| |
| - | Generate a CSR off the newly create keystore and keyentry:
| |
| - | keytool -certreq -alias [alias name] -keyalg RSA -file certreq.csr -keystore [keystorename]
| |
| - |
| |
| - | Enter keystore password (from Step 1).
| |
| - |
| |
| - | The CSR will be saved to your JDK/bin directory:
| |
| - |
| |
| - | -----BEGIN NEW CERTIFICATE REQUEST-----
| |
| - |
| |
| - | and
| |
| - |
| |
| - | -----END NEW CERTIFICATE REQUEST-----
| |
| - |
| |
| - | STEP 4:
| |
| - |
| |
| - | Submit the CSR in our online Certificate enrollment process and fax the necessary documentation to your Thawte Representative.
| |
| - |
| |
| - | STEP 5:
| |
| - |
| |
| - | When you receive the certificate save the thawte signed Certificate in a notepad file named 'thawtcert'.
| |
| - |
| |
| - | Please remember to download the Certificate in PKCS#7 format
| |
| - |
| |
| - | STEP 6:
| |
| - | 1) ftp the twatcert.txt file to /usr/local/jre1.6.0_13/bin
| |
| - | 2) Import the Certificate into the keystore: keytool -import -alias [ alias name ] -trustcacerts -file thawtecert.txt -keystore [keystorename]
| |
| - |
| |
| - | STEP 7:
| |
| - |
| |
| - | Edit the Tomcat Configuration file.
| |
| - |
| |
| - | Tomcat keeps its configuration information in the server.xml file. Make sure Tomcat is reading the correct keystore file and that port 443 is enabled for secure connections. please check the keystore location and file name is correct and pointing to /usr/local/jre1.6.0_13/bin/[keystore name]
| |
