This is wrong

thumbsshameΔιακομιστές

17 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

292 εμφανίσεις


fm:

Basically:

1.

You’ll create a new keystore(.jks)

2.

Convert it to a CSR(.cer)

3.

Email it to the CA

i.

CA will provide 2 or 3 signed certs(root,inter,domain)

4.

Make sure the new keystore you made is in TGP
\
apache
\
conf

5.

Import the 3 signed certs to the keystore

6.

Edit

TGProResources.properties


ENDPOINT(s)

7.

Restart a
pache service


Note:
Any keytool commands must be executed in a single line
.


Navigate to

\
Time Guardian Pro
\
jre
\
bin

via command prompt and execute:


The
following
command checks the current status of tomcat’s SSL entries
:


keytool
-
list
-
v
-
keystore
"…
\
T
ime Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks


-
storepass amano123


See below for sample result:


*******************************************

*******************************************



Alias name:
tomcat

Creation date: Feb 25, 2009

Entry typ
e:
trustedCertEntry




STEP


1


Rename the amanoKeys.jks(keystore) from the apa
che
\
conf dir before you proceed.


E
xecute the following:


keytool
-
genkey
-
dname "CN=www.yourtgpserver.com, OU=Unknown, O=Unknown, L=Unknown,
ST=New Jersey, C=US"
-
keyalg RSA
-
k
eystore "
...
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
validity 365
-
alias tomcat
-
keypass amano123
-
storepass
amano123


Note that VeriSign requires state name to be part of the signature.



STEP

2


Then execute:


keytool
-
certreq
-
alias
tomcat
-
file
c:
\
amano.cer
-
keystore "
...
\
Time Guardian
Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
storepass amano123


STEP

3


Provide the contents of
the cer file to the certificate authority(i.e. verisign, comodo,
etc.).
This is the CSR
.


When you rece
ive the 2 or 3 signed files from the CA, copy them to where keytool.exe
(TGP
\
jre
\
bin) is.



STEP

4


Verify by date and time that
the new jks file
which

you previously made
from step 1 is in
the TGP
\
apache
\
conf folder.



This is wrong

SSL: HOW TO APPLY SIGNED CERTFICATE TO TGP


fm:

STEP

5


Then execute:


keytool
-
imp
ort
-
trustcacerts
-
alias root
-
file AddTrustExternalCARoot.crt
-
keystore
"
...
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
storepass amano123


Do you still want to add it to your own keystore? [no]: yes


Then execute:


keytool
-
import
-
trus
tcacerts
-
alias INTER
-
file UTNAddTrustServerCA.crt
-
keystore
"
...
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
storepass amano123


Then execute:


keytool
-
import
-
trustcacerts
-
alias tomcat
-
file www_yourdomain_com.crt
-
keystore
"
...
\
Time G
uardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
storepass amano123


You can execute the keytool

list to confirm that the keystore has been updated properly:


keytool
-
list
-
v
-
keystore "...
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks"
-
storepass amano123 >newlist.txt

You can also verify through newlist.txt


After running, keytool
-
list
-
v
-
keystore "
...
\
Program Files
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
conf
\
amanoKeys.jks" again…


*******************************************

*********
**********************************



Alias name:
tomcat

Creation date: Feb 25, 2009

Entry type:
PrivateKeyEntry



STEP

6


C:
\
Program Files
\
Time Guardian Pro
\
apache
-
tomcat
-
5.5.12
\
webapps
\
tgpro
\
WEB
-
INF
\
classes
\
TGProResources.properties


the above file must b
e set to non
-
ssl with localhost on all ENDPOINTs:


CALCENGINE_WS_ENDPOINT=
http://localhost:8080
/axis/services/tgpro/CalcEngineService

CALCENGINE_WS_CONSUMER_ID=tgpro

CALCENGINE_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849


# IM web service
-

TODO: Cha
nge for IM

IM_WS_ENDPOINT=
http://localhost:8080
/axis/services/tgpro/IMService

IM_WS_CONSUMER_ID=tgpro

IM_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849


# report web service consumer

REPORT_WS_ENDPOINT=
http://localhost:8080
/axis/services/tgpro/ReportSer
vice

REPORT_WS_CONSUMER_ID=tgpro

REPORT_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849


# schedule web service consumer

SCHEDULE_WS_ENDPOINT=
http://localhost:8080
/axis/services/tgpro/RotationService




STEP

7

Restart the apache tomcat service



This is correct