Cheat Sheet for creating a self-signed certificate.
1. Create a directory to store your certificate.
E.g.: "C:\ssl"
2. Open a command window (DOS prompt) and CD to that directory.
c:
cd \ssl
3. Type:
keytool -genkey -alias tomcat -keyalg RSA -keystore ./keystore
NOTE: The keytool will then ask you a series of questions.
For.
Password:
Use something you will remember.
First & Last Name:
Use the domain or IP that you will be using to
access the site with.
If you're only hitting tomcat from the local machine
use "localhost".
If you don't, the user will be warned that the certificate
is for a different domain.
Organizational Unit:
Any string (just remember it).
Name of your organization:
Your company name.
Name of your city:
The name of your city.
Name of your state or province:
Use the full spelling of your state with the first
letter capitalized ("Massachusetts").
The two letter country code for this unit:
Make sure it's upper case ("US").
You will be shown all of your entries and asked to confirm.
Hit enter.
You will be asked for your password again with the option to
just hit enter.
Hit enter.
The keystore will be generated in the current working directory.
4. Open server.xml, located in TOMCAT\conf.
Find and uncomment the SSL <Connector port entry.
NOTE: XML uses the "<!--" start and "-->" end symbols
to begin and end comments.
NOTE: There is a comment just above it that looks like this:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
5. Add two more attributes to this tag:
keystoreFile="PATH TO YOUR KEY STORE"
and:
keystorePass="YOUR PASSWORD"
6. If you have disabled the SSL Filter in HRPWE, re-enable it.
This is done in TOMCAT\webapps\hrp\WEB-INF\web.xml.
Find the SSL filter entry and change the "active" attribute
from false to true.
7. Restart Tomcat.
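A quick way to confirm steps 4 and 5 before restarting, as an added example that is not part of the original cheat sheet: it parses a server.xml and reports whether the SSL connector is active and carries both keystore attributes. The three server.xml snippets and the function name check_ssl_connector are constructed for illustration, and the check assumes the SSL connector carries scheme="https" or secure="true" as in Tomcat's stock server.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector is still commented out (step 4 not done).
COMMENTED_OUT = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
  <!--
  <Connector port="8443" scheme="https" secure="true" />
  -->
</Service></Server>"""

# Constructed sample: uncommented, but only one of the two attributes from step 5.
MISSING_PASS = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="C:\\ssl\\keystore" />
</Service></Server>"""

# Constructed sample: steps 4 and 5 both done (password is a placeholder).
CONFIGURED = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="C:\\ssl\\keystore" keystorePass="YOUR PASSWORD" />
</Service></Server>"""


def check_ssl_connector(server_xml_text):
    """Return a list of problems with the SSL connector setup (empty list = OK)."""
    # The parser drops XML comments, so a commented-out connector is not seen.
    root = ET.fromstring(server_xml_text)
    ssl = [c for c in root.iter("Connector")
           if c.get("scheme") == "https" or c.get("secure") == "true"]
    if not ssl:
        return ["no active SSL <Connector> found (is it still commented out?)"]
    problems = []
    for c in ssl:
        for attr in ("keystoreFile", "keystorePass"):
            if not c.get(attr):
                problems.append("Connector port %s: missing %s" % (c.get("port"), attr))
    return problems


if __name__ == "__main__":
    import sys
    # Pass the path to TOMCAT\conf\server.xml, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CONFIGURED
    for line in check_ssl_connector(text) or ["SSL connector looks configured"]:
        print(line)
```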
Screenshot of a keytool session:
==========================================================================
Example of a configured server.xml file: