
...

Panel
Title: Prepare the certificate authority (CA) certificate.

# Generate the CA private key.
# You will be prompted for a key password.
openssl genrsa -des3 -out myca.key 4096

# Generate the self-signed certificate for the CA using the CA private key.
openssl req -new -x509 -days 1825 -key myca.key -out myca.crt

Panel
Title: Prepare the server certificate.

# Generate the server private key.
# You will be prompted for a key password.
openssl genrsa -des3 -out server.key 4096

# Generate the server certificate signing request (CSR).
openssl req -new -key server.key -out server.csr

# Sign the server CSR using the CA private key and CA certificate.
openssl x509 -req -days 1825 -in server.csr -CA myca.crt -CAkey myca.key -set_serial 01 -out server.crt

Panel
Title: Prepare the client certificate.

# Generate the client private key.
# You will be prompted for a key password.
openssl genrsa -des3 -out me.key 4096

# Generate the client CSR.
openssl req -new -key me.key -out me.csr

# Sign the client CSR using the CA private key and CA certificate.
openssl x509 -req -days 1825 -in me.csr -CA myca.crt -CAkey myca.key -set_serial 02 -out me.crt

...

Panel
Title: Edit the server config to enable HTTPS and to use the server keystore.

# Edit the server config to enable HTTPS and to use the server keystore.
# Note: clientAuth="false" tells Tomcat not to prompt for a client certificate. Normally this is false; however,
# you may wish to set it to true to force a prompt. This would be appropriate if clients are already submitting
# their client certificate anyway. (The example connector below has clientAuth="true"; set it to match your deployment.)
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" keystoreFile="/home/mlowery/tmp/TomcatKeystore" />

...