Just a quick note about configuring your Tomcat server to use a certificate generated from Microsoft Certificate Services. The Tomcat SSL setup guide (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) is an excellent guide to using the keytool command to do this. I had a rather difficult time doing this as I was unfamiliar with the keytool command when I started this process. Here is a step by step guide to doing this.

1. Generate your keystore:

keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore

a. When generating your keystore, keytool prompts "What is your first and last name?". Do not answer with a person's name; enter the fully qualified domain name (FQDN) of your server, because this value becomes the certificate's CN, which browsers compare against the host name in the URL.

2. Generate a request:

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore \path\to\my\keystore

3. Submit your request (certreq.csr) to your Certificate Services CA.

4. Save the certificate chain in Base-64 encoded format. (This was important as it ended up being what caused this not to work in the first place. Your mileage may vary.)

5. Export each certificate in Base-64 encoded format (again, I found this to be important.)

6. Import the chain into the same keystore one certificate at a time, starting with the root CA certificate and finishing with the server certificate under the tomcat alias (the alias the key pair was generated under in step 1, so that keytool attaches the CA reply to that private key):

a. keytool -import -alias root -keystore \path\to\my\keystore -trustcacerts -file <root CA certificate file>

b. keytool -import -alias tomcat -keystore \path\to\my\keystore -trustcacerts -file <server certificate file>

7. Set up your connector in server.xml:

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="<path\to\keystore>" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>

keystorePass must be the keystore password you chose when running keytool -genkey in step 1; "changeit" is only keytool's default, and the connector will fail to start if the two do not match.

8. Restart your server. If it starts up, you should have a working SSL connector. Now you can shut down the port 80 service, or try to redirect it (steps forthcoming.)
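As an added example (not part of the original note), a small POSIX shell check for steps 1a and 6: it parses `keytool -list -v` output to confirm that the tomcat alias ended up as a private-key entry with the CA chain attached, that the keystore password matches, and that the server certificate's CN is the FQDN. It assumes keytool is on PATH; the sample outputs, host names and function names are constructed for illustration.

```shell
# classify_entry: reads `keytool -list -v` output on stdin and prints one word:
#   ok:<n>  private key with a chain of n (>= 2) certificates
#   nochain private key whose chain is only the self-signed cert from step 1
#   trusted alias holds a trustedCertEntry (reply imported under the wrong alias)
#   badpass store password differs from the keystorePass in server.xml
#   missing alias not present
classify_entry() {
    awk '
        /password was incorrect/                  { r = "badpass" }
        /does not exist/                          { r = "missing" }
        /Entry type: *trustedCertEntry/           { r = "trusted" }
        /Entry type: *(PrivateKeyEntry|keyEntry)/ { pk = 1 }
        /Certificate chain length:/               { len = $NF }
        END {
            if (r != "") print r
            else if (!pk) print "missing"
            else if (len + 0 < 2) print "nochain"
            else print "ok:" len
        }'
}

# leaf_cn: prints the CN of the first certificate listed (the server cert).
leaf_cn() {
    awk '/^Owner:/ { if (match($0, /CN=[^,]*/)) print substr($0, RSTART + 3, RLENGTH - 3); exit }'
}

# check_keystore <keystore> <storepass> <alias> <fqdn>: runs keytool (assumed on
# PATH) against a real keystore and prints "<classification> cn-ok|cn-mismatch".
check_keystore() {
    out=$(keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>&1)
    cls=$(printf '%s\n' "$out" | classify_entry)
    cn=$(printf '%s\n' "$out" | leaf_cn)
    [ "$cn" = "$4" ] && cnok="cn-ok" || cnok="cn-mismatch"
    echo "$cls $cnok"
}

# Constructed keytool -list -v output: chain imported correctly (step 6 done right).
SAMPLE_OK='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=tomcat.example.com, OU=IT, O=Example, C=US
Issuer: CN=Example Root CA, DC=example, DC=com
Certificate[2]:
Owner: CN=Example Root CA, DC=example, DC=com'

# Constructed output: CA reply imported under its own alias, so no private key.
SAMPLE_TRUSTED='Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=tomcat.example.com, OU=IT, O=Example, C=US'
```

Run `check_keystore \path\to\my\keystore changeit tomcat tomcat.example.com` against your own keystore; anything other than `ok:<n> cn-ok` points at the step that went wrong.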

Enjoy,

NewConcept -Todd

-- TWikiGuest - 20 Aug 2008

Copyright (c) 2005-2010 Stimulus Software