Cisco Enterprise Policy Manager Installation and Configuration Guide, OL-19551-01

Chapter 18

SSL Configuration

Configuring SSL in Tomcat

To enable SSL, you must generate the keys first and then configure the server to use them. (Tomcat is used as the example in this chapter.) The keytool commands below create self-signed certificates, so each side must be told explicitly to trust the other's certificate; that is what Step 5 does. To enable two-way SSL, follow these steps:

I. Generating keys for server and client

Step 1

Generate the keys for the server. To do this:

a. Use the following from the command prompt:
   keytool -genkey -alias tomcat -keyalg RSA -keystore server.keystore

b. Enter the keystore password: changeit

c. Follow the prompts and give the inputs. When prompted for the key password, provide it: changeit. This creates the server keys.

Step 2

Export the server certificate. To do this:

a. Use the following from the command prompt:
   keytool -selfcert -export -alias tomcat -storepass changeit -file server.cer -keystore server.keystore

   This exports the server certificate to the server.cer file.

Step 3

Generate the keys for the client. To do this:

a. Use the following from the command prompt:
   keytool -genkey -alias client -keyalg RSA -keystore client.keystore

b. Enter the keystore password: changeit

c. Follow the prompts and give the inputs. When prompted for the key password, provide it: changeit. This creates the client keys.

Step 4

Export the client certificate. To do this:

a. Use the following from the command prompt:
   keytool -selfcert -export -alias client -storepass changeit -file client.cer -keystore client.keystore

   This creates a file called client.cer containing the client-side certificate.


Step 5

Import the server certificate into the client trust store, and the client certificate into the JRE trust store. To do this:

a. Import the server certificate into the client trust store with the following from the command prompt:
   keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass changeit -storepass changeit

b. Import the client certificate into the JRE trust store with the following from the command prompt:
   keytool -keystore \jre\lib\security\cacerts -storepass changeit -file client.cer -import -alias client -trustcacerts

   The cacerts path is relative to the Java installation directory, and changeit is the default password of that store. Every Java application running on this JRE trusts the certificates in cacerts, so change its password and import only the certificates that must be trusted host-wide; a dedicated trust store for Tomcat is the narrower option.
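The five steps above as one non-interactive script. This is an added example, not the guide's own commands: it uses -genkeypair, -exportcert and -importcert, the current names of the -genkey, -export and -import commands used above, supplies the distinguished name with -dname so no prompts appear, and, as an assumption, imports each peer certificate into a dedicated client.truststore and server.truststore rather than into client.keystore and the JRE cacerts file. The aliases, file names and the changeit password are the guide's; the CN values and the example.test host names are placeholders.

```shell
#!/bin/sh
# Added example (not the guide's own commands): steps 1-5 of the two-way SSL
# key setup as one keytool script. Assumptions: keytool (JDK 6 or later) is on
# PATH, the store password is the guide's "changeit", and each side's trusted
# peer certificate goes into its own truststore file instead of the JRE cacerts.
set -eu

if ! command -v keytool >/dev/null 2>&1; then
    echo "keytool not found on PATH; install a JDK to run this example, skipping" >&2
    exit 0
fi

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # where the stores and .cer files are written
STOREPASS="changeit"                 # the guide's password; change it for a real deployment

# gen_keypair STORE ALIAS CN: steps 1 and 3. -dname answers the name prompts, and
# -keypass equals -storepass so the command also works with PKCS12 stores, which
# require the two passwords to match.
gen_keypair() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$3, OU=Example, O=Example, C=US" \
        -keystore "$WORKDIR/$1" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# export_cert STORE ALIAS FILE: steps 2 and 4. Writes the self-signed certificate
# for ALIAS (DER encoded, no private key) to FILE.
export_cert() {
    keytool -exportcert -alias "$2" -file "$WORKDIR/$3" \
        -keystore "$WORKDIR/$1" -storepass "$STOREPASS"
}

# import_trusted STORE ALIAS FILE: step 5. -noprompt answers the
# "Trust this certificate?" question that the interactive -import asks.
import_trusted() {
    keytool -importcert -noprompt -trustcacerts -alias "$2" -file "$WORKDIR/$3" \
        -keystore "$WORKDIR/$1" -storepass "$STOREPASS"
}

# has_trusted_entry STORE ALIAS: 0 when STORE lists ALIAS as a trustedCertEntry.
has_trusted_entry() {
    keytool -list -keystore "$WORKDIR/$1" -storepass "$STOREPASS" 2>/dev/null \
        | grep -i "^$2," | grep -qi "trustedCertEntry"
}

# has_key_entry STORE ALIAS: 0 when STORE holds a private key for ALIAS
# ("PrivateKeyEntry" on current JDKs, "keyEntry" on JDK 6).
has_key_entry() {
    keytool -list -keystore "$WORKDIR/$1" -storepass "$STOREPASS" 2>/dev/null \
        | grep -i "^$2," | grep -qi "keyEntry"
}

# setup_two_way_ssl: runs steps 1-5 in the guide's order.
setup_two_way_ssl() {
    gen_keypair server.keystore tomcat tomcat.example.test      # step 1
    export_cert server.keystore tomcat server.cer                # step 2
    gen_keypair client.keystore client client.example.test      # step 3
    export_cert client.keystore client client.cer                # step 4
    import_trusted client.truststore tomcat server.cer           # step 5a: client trusts server
    import_trusted server.truststore client client.cer           # step 5b: server trusts client
}

# verify_material: 0 only when both sides hold their own private key and the
# peer's certificate, which is what a two-way handshake needs.
verify_material() {
    has_key_entry server.keystore tomcat &&
    has_trusted_entry server.truststore client &&
    has_key_entry client.keystore client &&
    has_trusted_entry client.truststore tomcat
}

setup_two_way_ssl
verify_material || { echo "verification failed in $WORKDIR" >&2; exit 1; }
echo "two-way SSL material ready in $WORKDIR"
```

Set WORKDIR to keep the files somewhere other than a temporary directory. Keeping the private keys and the trusted peer certificates in separate files is deliberate: the keystore file with the private key never has to leave the host it belongs to, while the truststore can be copied to whatever needs to verify that peer.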

II. Tomcat configuration

Step 6

Edit server.xml and enable two-way SSL as follows: