Tomcat Web Hosting Blog - Java, JSP, EJB, Hibernate

Chapter 11: Tomcat and Apache HTTP Server attributes = req_attributes distinguished_name = Wiley prompt = no output_password = mypassword [Wiley] C = US ST = NJ L = Hoboken O = Wiley OU = Wrox Press CN = 192.168.23.168 emailAddress = mail@myserver.com [req_attributes] challengePassword = mypassword If you are testing on your own local LAN, you should change the CN (Common Name) entry to the fully qualified hostname or IP of your host. In the example above, the CN is set to 192.168.23.168. If you are actually setting this up for a registered fully qualified domain name, this entry must match exactly the domain that you are requesting the certificate for. If your users are not using this exact name to access your site, they get a security warning from the browser. The key generator needs a file containing a random number to add entropy to the algorithm. Create a file called random.txt and put a large random number in it. Create a Certificate Signing Request The command for creating a certificate signing request is as follows: openssl req -new -out server.csr -config myconfig.file If you use the configuration from the myconfig.file, this step creates a certificate signing request (server.csr) and a private key (keyfile.pem). The following is a sample output from this command: Generating a 1024 bit RSA private key …………..++++++ ……………..++++++ writing new private key to keyfile.pem Remove the Passphrase from the Private Key This is an optional step that should be performed for security reasons. To remove the passphrase from the private key, run the command as shown: openssl rsa -in keyfile.pem -out server.key This command prompts for the password. Use the same password specified in the myconfig.file (mypasswordin this case). The server.key should be readable only by the Apache server and the administrator. We highly recommend that you delete the random.txt file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

For high quality jboss hosting services please check jboss web hosting website.

This entry was posted on Saturday, June 27th, 2009 at 11:27 pm and is filed under tomcat. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.