To create a CSR and private key, you will need a new keystore on your server. We
highly recommend creating a new keystore rather than using an existing one. If
you do use an existing keystore, you may corrupt it when you attempt to create a
new CSR and key within it.
To create a new keystore, key and CSR, run the following command:
While you complete these fields, we ask that you keep a few things in mind:
Country/State/City - Enter the locality information based on where your business
operates, not where your server is located. Spell out all state and city
information. For example, if your business operates in Texas, use "Texas" for
the state, rather than "TX". If you are an international customer in a country
without states or provinces, please use your country name in the state field.
Organization - Please use your full, unabbreviated legal business name including
any applicable suffix, such as "Inc" or "LLC". If your company name is
registered in an abbreviated form, then you may use abbreviations if you would
like to do so.
Common Name - This is where you type the web address of your site. For example,
www.ipsca.com and ipsca.com are both acceptable. Please do not include http://
or https://.
When you have finished entering data, type "y" to confirm and enter a password.
Make a note of this password - you will not be able to work with this keystore
ever again if you forget the password.
Enter your company information again and refer to the previous step for the
information to provide in each field. Once you are finished with the CSR, enter
your keystore password.
Preparing to Install the SSL Certificate
Copy the .cer file to the server from the ZIP file that ipsCA e-mailed to you
when your SSL Certificate was issued. The .cer file contains your actual ipsCA
SSL Certificate for your server.
Installing your SSL Certificate
You will need to use the keytool command to import your SSL Certificate:
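The keystore, CSR and import steps above can also be run without the interactive name prompts. The script below is an added example, not ipsCA's own commands; the alias `tomcat`, the file names and the `www.example.com` / "Example Widgets, Inc" values are constructed placeholders. It checks the field rules given above before calling keytool.

```shell
#!/usr/bin/env bash
# Added example. Alias, file names and DN values are constructed placeholders.

# Common Name must be a bare host name: no scheme, path, port or spaces.
valid_cn() {
  case "$1" in
    ''|*:*|*/*|*' '*) return 1 ;;
    *) return 0 ;;
  esac
}

# keytool splits -dname on commas, so a comma inside a value ("Example, Inc")
# must be backslash-escaped or the name is parsed wrongly.
dn_escape() { printf '%s' "$1" | sed 's/,/\\,/g'; }

# build_dname CN ORG CITY STATE COUNTRY -> string for keytool -dname
build_dname() {
  valid_cn "$1" || { echo "Common Name must not contain http:// or a path: $1" >&2; return 1; }
  case "$4" in
    [A-Z][A-Z]) echo "spell out the state name instead of '$4'" >&2; return 1 ;;
  esac
  printf 'CN=%s, O=%s, L=%s, ST=%s, C=%s' \
    "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" "$(dn_escape "$4")" "$5"
}

# make_csr KEYSTORE ALIAS DNAME: new keystore + key pair, then the CSR.
# No -storepass is given, so keytool prompts and the password stays out of
# the process list and shell history.
make_csr() {
  [ -e "$1" ] && { echo "refusing to reuse existing keystore $1" >&2; return 1; }
  keytool -genkey -alias "$2" -keyalg RSA -keysize 2048 -dname "$3" -keystore "$1" &&
    keytool -certreq -alias "$2" -file "$2.csr" -keystore "$1"
}

# import_cert KEYSTORE ALIAS CERFILE: the alias must be the one used in
# make_csr so the issued certificate is attached to its private key.
import_cert() {
  keytool -import -trustcacerts -alias "$2" -file "$3" -keystore "$1"
}

# Run the first two steps only when asked: ./csr.sh run
if [ "${1:-}" = run ]; then
  dn=$(build_dname "www.example.com" "Example Widgets, Inc" "Austin" "Texas" "US") &&
    make_csr "./example.keystore" "tomcat" "$dn"
fi
```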
The first, and easiest, way to configure Tomcat to begin using your SSL
Certificate is via Admintool. If you would rather just alter the server.xml
file, please skip to the next step.
To get started, start the Tomcat server first. Go to
"http://localhost:8080/admin" and type a username and password that have
administrative rights on the Tomcat server. Choose "Service" on the left menu
and then click "Create New Connector" from the drop-down list on the right.
Choose "HTTPS" in the "Type" field and enter "443" for the SSL port. This is the
default - only change this if you are completely sure you need to change it.
Now you will need to enter the name of your keystore and its password. Sometimes
the default values will be exactly what you want, so you may be able to use what
has been pre-filled.
Click "Save" to save your new SSL Connector, and then click "Commit Changes".
This will automatically write the server.xml configuration file. Now, skip the
next step and proceed to the very last step on this page.
Configuring Tomcat by Editing server.xml
If you would rather use a graphical interface, please use the previous step
"Configuring Tomcat Using Admintool". If you have already configured Tomcat
using Admintool, you can now proceed to the next step.
Copy your keystore file to your home directory. Open the
Home_Directory/conf/server.xml in a text editor and uncomment the "SSL Connector
Configuration". Set the "Connector Port" to 443 (443 is the default - only
change this if you are completely sure). Your server.xml should look like this: