Got hold of a GeoTrust-signed certificate for badger. That was easy (and $110 of UVM money).
Hard part was getting it installed, since I built the key and the certificate signing request (CSR) with openssl rather than keytool, and it was all being installed in Tomcat.
The Tomcat SSL How-To proved to be the definitive source, but it took several readings and several Google searches and several failed attempts to get the right syntax and in/out files. Here’s what finally worked:
openssl pkcs12 -export -in badger.crt -inkey badger.key \
    -out badger.p12 -name tomcat \
    -CAfile ca-bundle.crt -caname root -chain
along with this entry in /usr/local/jakarta-tomcat/conf/server.xml:
<Connector port="443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/share/ssl/certs/badger.p12" keystorePass="xxxxxx"
keystoreType="PKCS12"
/>
Still need to get hold of a certificate from ldap.uvm.edu and add it to the default JAVA_HOME security chain.
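
A pre-flight check for the PKCS#12 export above, as an added example that is not from the original post: it confirms that the private key matches the certificate and that the exported file carries the chain as well as the leaf. The function names, the demo-pass password and the throwaway CA, key and certificate it generates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). A throwaway CA, key and certificate
# are constructed here in place of the real ca-bundle.crt, badger.key, badger.crt.

# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {  # $1=key file  $2=certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the number of certificates in a PKCS#12 file (leaf plus chain).
p12_cert_count() {  # $1=p12 file  $2=password
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed test PKI in directory $1: a self-signed CA and a leaf it signs.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
          -out ca-bundle.crt -subj "/CN=Demo Root CA" -days 2 &&
      openssl req -newkey rsa:2048 -nodes -keyout badger.key \
          -out badger.csr -subj "/CN=badger.example.test" &&
      openssl x509 -req -in badger.csr -CA ca-bundle.crt -CAkey ca.key \
          -CAcreateserial -out badger.crt -days 1 ) >/dev/null 2>&1
}

# The export command from the post, run in directory $1. -passout keeps the demo
# non-interactive; on a real host let openssl prompt so the password stays out
# of the process list and shell history.
build_p12() {  # $1=directory  $2=password
    ( cd "$1" &&
      openssl pkcs12 -export -in badger.crt -inkey badger.key \
          -out badger.p12 -name tomcat \
          -CAfile ca-bundle.crt -caname root -chain -passout "pass:$2" )
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" && key_matches_cert "$d/badger.key" "$d/badger.crt" &&
        build_p12 "$d" demo-pass && n=$(p12_cert_count "$d/badger.p12" demo-pass)
    rc=$?
    rm -rf "$d"
    [ "$rc" -eq 0 ] && echo "key matches certificate; PKCS#12 holds $n certificates"
}
demo
```

On the real files, run key_matches_cert against badger.key and badger.crt before exporting, and expect p12_cert_count to report more than one certificate when the chain was included.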