These days I tried to apply a free third-party CA (www.cacert.org & www.freeca.cn) and then set up Tomcat SSL with the CA. My purpose is to eliminate the "Certificate Error" page when accessing https://... from a client browser. But it's a little hard for me to get around it.

My steps to apply a free CA, from www.freeca.cn
I used keytool to generate a cer file with command:

keytool -genkey ... // Generate a key   
keytool -certreq ... // Generate a cert file  

and then I got some code from the cert file and pasted it onto www.freeca.cn to generate a cer file. Then I imported the cer file:

keytool -import -alias abc -file MyABC.cer -keystore mykeystorefile.store 

And then I set up the mykeystorefile.store in Tomcat's /conf/server.xml, but it didn't work; it still pops up the "Certificate Error" page when trying to access https://....

Can someone help me? Thanks

A: 

You can set the JVM arguments if you are not using the default keystore location

-Djavax.net.ssl.keyStore=[path]/mykeystorefile.store -Djavax.net.ssl.keyStorePassword=changeit

-Djavax.net.ssl.trustStore=[path]/mykeystorefile.store -Djavax.net.ssl.trustStorePassword=changeit

More information about setting up SSL in Tomcat can be found here - http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

Vincen Collins
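
The keytool steps from the question, carried through end to end as an added example (not code from the question or the answer). It shows how to check whether the signed reply was attached to the server's key entry or stored as a separate trusted certificate. The alias `tomcat`, the password, the file names and the local self-signed root standing in for the third-party CA are all assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names, passwords and the local root CA are constructed.
PASS=changeit          # constructed password
SERVER_ALIAS=tomcat    # assumed alias of the server key pair

kt() { keytool "$@" >/dev/null 2>&1; }   # run keytool quietly

# run_flow <workdir> <alias used when importing the signed reply>
# Prints "<entry type> <chain length>" for SERVER_ALIAS after the import.
run_flow() {
    dir=$1; reply_alias=$2
    ks="$dir/mykeystorefile.store"; ca="$dir/ca.store"
    rm -f "$ks" "$ca"

    # Stand-in for the third-party CA: a self-signed root in its own keystore.
    kt -genkeypair -alias root -keyalg RSA -keysize 2048 -ext bc:c \
        -dname "CN=Constructed Test Root" -validity 30 \
        -keystore "$ca" -storepass "$PASS" -keypass "$PASS"
    kt -exportcert -alias root -rfc -file "$dir/root.cer" \
        -keystore "$ca" -storepass "$PASS"

    # Step 1 (keytool -genkey): server key pair; CN should be the host name.
    kt -genkeypair -alias "$SERVER_ALIAS" -keyalg RSA -keysize 2048 \
        -dname "CN=localhost" -keystore "$ks" -storepass "$PASS" -keypass "$PASS"
    # Step 2 (keytool -certreq): the CSR that is pasted into the CA's form.
    kt -certreq -alias "$SERVER_ALIAS" -file "$dir/server.csr" \
        -keystore "$ks" -storepass "$PASS"
    # The CA signs the CSR and returns the reply (the .cer file).
    kt -gencert -alias root -infile "$dir/server.csr" -outfile "$dir/MyABC.cer" \
        -rfc -validity 30 -keystore "$ca" -storepass "$PASS"

    # Step 3 (keytool -import): CA root first, then the signed reply.
    kt -importcert -noprompt -trustcacerts -alias root -file "$dir/root.cer" \
        -keystore "$ks" -storepass "$PASS"
    kt -importcert -noprompt -alias "$reply_alias" -file "$dir/MyABC.cer" \
        -keystore "$ks" -storepass "$PASS"

    # Inspect the key entry the server would present to browsers.
    keytool -J-Duser.language=en -list -v -alias "$SERVER_ALIAS" \
        -keystore "$ks" -storepass "$PASS" 2>/dev/null |
    awk -F': ' '/^Entry type/ {t=$2}
                /^Certificate chain length/ {n=$2}
                END {print t, n}'
}
```

`run_flow "$(mktemp -d)" tomcat` reports a `PrivateKeyEntry` with chain length 2, so the key entry now carries the CA-signed certificate. `run_flow "$(mktemp -d)" abc` leaves the key entry at chain length 1, still the self-signed certificate, because the reply was stored as a separate trusted certificate under `abc`.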