Got hold of a geotrust signed certificate for badger. That was easy (and $110 of UVM money).<\/p>\n
Hard part was getting it installed, since I built the key and the certificate signing request (CSR) with openssl rather than keytool, and it was all being installed in tomcat.<\/p>\n
The Tomcat SSL How-To<\/a> proved to be the definitive source, but it took several readings and several google searches and several failed attempts to get the right syntax and in\/out files. Here’s what finally worked<\/p>\n along with this entry in \/usr\/local\/jakarta-tomcat\/conf\/server.xml<\/p>\n <\/p>\n Still need to get hold of a certificate from ldap.uvm.edu and add to default JAVA_HOME security chain<\/p>\n","protected":false},"excerpt":{"rendered":" Got hold of a geotrust signed certificate for badger. That was easy (and $110 of UVM money). Hard part was getting it installed, since I built the key and the certificate signing request (CSR) with openssl rather than keytool, and … Continue reading openssl pkcs12 -export -in badger.crt -inkey badger.key
\n-out badger.p12 -name tomcat
\n-CAfile ca-bundle.crt -caname root -chain
\n
\n<\/pre>\n<\/div>\n <Connector port="443"
\n maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
\n enableLookups="false" disableUploadTimeout="true"
\n acceptCount="100" debug="0" scheme="https" secure="true"
\n clientAuth="false" sslProtocol="TLS"
\n keystoreFile="\/usr\/share\/ssl\/certs\/badger.p12" keystorePass="xxxxxx"
\n keystoreType="PKCS12"<\/pre>\n \/><\/pre>\n