{"id":3021,"date":"2014-05-12T22:07:31","date_gmt":"2014-05-12T14:07:31","guid":{"rendered":"http:\/\/rmohan.com\/?p=3021"},"modified":"2014-05-13T11:46:09","modified_gmt":"2014-05-13T03:46:09","slug":"tomcat-and-keystore","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=3021","title":{"rendered":"Tomcat and Keystore"},"content":{"rendered":"<p><strong>Keystore and cacerts<\/strong><\/p>\n<p>Steps:<\/p>\n<p>1. list the existing keys; the default file is .keystore under the \/usr\/local\/tomcat folder<br \/>\n# cd \/usr\/local\/tomcat<br \/>\n# keytool -list -v -storepass changeit<\/p>\n<p>2. delete the existing key (key alias: tomcat)<br \/>\n# cd \/usr\/local\/tomcat<br \/>\n# keytool -delete -alias tomcat -storepass changeit<\/p>\n<p>3. generate a self-signed key<br \/>\n# keytool -h for usage<br \/>\n# keytool -genkey -alias tomcat -keysize 1024 -validity 3650 -keypass changeit -storepass changeit<br \/>\nWhat is your first and last name?<br \/>\n[Unknown]: rmohan<br \/>\nWhat is the name of your organizational unit?<br \/>\n[Unknown]: IS<br \/>\nWhat is the name of your organization?<br \/>\n[Unknown]: rmohan<br \/>\nWhat is the name of your City or Locality?<br \/>\n[Unknown]: Singapore<br \/>\nWhat is the name of your State or Province?<br \/>\n[Unknown]: Singapore<br \/>\nWhat is the two-letter country code for this unit?<br \/>\n[Unknown]: SG<br \/>\nIs CN=rmohan, L=Singapore, ST=Singapore, C=SG correct?<br \/>\n[no]: yes<br \/>\nfor the self-signed key above to work without an SSL warning, you need to import it into the cacerts file<\/p>\n<p>4. list the existing CA certificates from \/usr\/local\/jdk\/jre\/lib\/security\/cacerts<br \/>\n# cd \/usr\/local\/jdk\/jre\/lib\/security<br \/>\n# keytool -list -v -keystore cacerts<\/p>\n<p>5. in order to add the self-signed key to cacerts, export it first from the .keystore file<br \/>\n# keytool -export -alias rmohan -keypass changeit -storepass changeit -file \/tmp\/rmohan.der<\/p>\n<p>6. 
then import it into the cacerts file under \/usr\/local\/jdk\/jre\/lib\/security\/cacerts<br \/>\n# cd \/usr\/local\/jdk\/jre\/lib\/security<br \/>\n# keytool -import -alias rmohan -trustcacerts -keystore cacerts -file \/tmp\/rmohan.der -storepass changeit<\/p>\n<p>note: this adds the key to the trusted cacerts with the alias rmohan<br \/>\nyou can add more than one, but each must have a different alias name<br \/>\n7. to delete an existing cacerts entry:<br \/>\n# cd \/usr\/local\/jdk\/jre\/lib\/security<br \/>\n# keytool -delete -keystore cacerts -alias rmohan<\/p>\n<p>8. import an OpenSSL-generated self-signed PEM-format certificate from the OpenLDAP server into the cacerts file on the Tomcat server (for an LDAPS connection from the Tomcat server to the OpenLDAP server)<\/p>\n<p># cd \/usr\/local\/jdk\/jre\/lib\/security<br \/>\n# keytool -import -alias rmohan -trustcacerts -keystore cacerts -file \/tmp\/rmohan.pem -storepass changeit<br \/>\nReferences:<br \/>\n1. convert PEM to DER format<\/p>\n<p>openssl x509 -in cacert.pem -inform PEM -out cacert.der -outform DER<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keystore and cacerts<\/p>\n<p>Steps:<\/p>\n<p>1. list the existing keys; the default file is .keystore under the \/usr\/local\/tomcat folder # cd \/usr\/local\/tomcat # keytool -list -v -storepass changeit<\/p>\n<p>2. delete the existing key (key alias: tomcat) # cd \/usr\/local\/tomcat # keytool -delete -alias tomcat -storepass changeit<\/p>\n<p>3. 
generate self-signed key # keytool -h for usage # keytool [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3021"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3021"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3021\/revisions"}],"predecessor-version":[{"id":3022,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3021\/revisions\/3022"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}