Aubergine

Reputation: 6042

How to connect with CA to sign ssl certificate?

I have never done HTTPS so far, but I am trying to get to grips with it. I understand how to do self-signed certificates, which from what I understood is completely pointless, as browsers will fire up the warning straight away. "As one cannot say trust me because I am honest."

From SO posts I understood that Tomcat or any other server environment is responsible for configuration. All clear and good.

The confusion is how these certificates are signed when not self-signed. In other words, how do I point my keystore to the CA provider?

I am following guide:

http://consultingblogs.emc.com/richardtiffin/archive/2010/10/15/applying-ssl-to-a-spring-web-application-on-tomcat.aspx

The problem is that I don't know what happens after I buy a certificate from a CA. Do I get a file which I need to point my keystore to, or do I import the keystore itself remotely?

For self-signed we do: " Generating a keystore file (Self Certification) The keystore file is the one which would store the details of the certificates necessary to make the protocol secured, to-do this we'll use the keytool provided as part of JDK 1.6, the following should create the keystore :-

From your Java installation directory %JAVA_HOME%/bin

This implies that for not self-signed the details must come from the CA provider? So I need to add something to the line (URL path?)? Or is it the client's responsibility to verify whether my certificate is valid... then how do I link my certificate to the one I purchased? I am completely confused.

Rephrasing another way: how to install CA from official CA providers?

Or I am telling complete rubbish and missing something fundamental. :-)

My apologies if this is a duplicate. I've spent quite a good bit of time researching SO and reading Wikipedia articles, but the internal mechanics are very difficult for novice users. I've marked bold the actual questions for people short on time. Thanks.

Upvotes: 0

Views: 133

Answers (1)

Floris

Reputation: 46415

All the information you are asking for is readily provided by any reputable ("trusted") CA. See for example http://www.digicert.com/ssl-certificate-installation.htm

Quoting:

After you create your CSR, purchase your certificate, and the SSL Certificate validation and processing are complete, you are ready to install your SSL Certificate(s).

Your certificate will be provided via email or will be available to download in your DigiCert Management Console. The SSL Certificate is a text file with encrypted data that your server will use once the certificate is installed

And following down the Tomcat link:

Tomcat SSL installations can be a bit tricky, but don't worry. Our knowledgeable support staff is familiar with both the keytool utility as well as common Tomcat installation methods. We will be happy to help you generate your Certificate Signing Request (or CSR), install the certificate to your Java keystore, and configure your server to use it via either the Tomcat Admintool utility, or by editing the server.xml configuration file directly.

It seems that this answers all your questions... "buy it and you will see how easy it is".

Upvotes: 2
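The sequence the question asks about (what you generate, what the CA sends back, and how it ends up in the keystore), as an added example that is not part of the original posts or the DigiCert page. A throwaway local CA built with keytool stands in for the commercial CA so the flow runs offline; the aliases, file names, subject names and password are all constructed.

```shell
#!/usr/bin/env bash
# Added example: CSR -> CA-signed reply -> keystore, using JDK keytool only.
# All aliases, file names, DNs and the password are constructed sample values.
PASS=changeit

# Steps 1-2 (you): create the private key in YOUR keystore, then export a CSR.
# Only the CSR file is sent to the CA; the keystore never leaves the server.
make_csr() {  # $1 = working directory
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
    -dname "CN=www.example.test" -validity 365 \
    -keystore "$1/server.keystore" -storepass "$PASS" -keypass "$PASS"
  keytool -certreq -alias tomcat -file "$1/server.csr" \
    -keystore "$1/server.keystore" -storepass "$PASS"
}

# Step 3 (the CA): a commercial CA does this on its side and sends back
# certificate files. Simulated here with a local test CA (-ext bc:c marks it as a CA).
test_ca_sign() {
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -ext bc:c \
    -dname "CN=Constructed Test CA" -validity 365 \
    -keystore "$1/ca.keystore" -storepass "$PASS" -keypass "$PASS"
  keytool -exportcert -alias ca -rfc -file "$1/ca.crt" \
    -keystore "$1/ca.keystore" -storepass "$PASS"
  keytool -gencert -alias ca -rfc -validity 365 \
    -infile "$1/server.csr" -outfile "$1/server.crt" \
    -keystore "$1/ca.keystore" -storepass "$PASS"
}

# Step 4 (you): import the CA certificate as trusted, then import the reply
# under the SAME alias as the private key so keytool attaches the chain to it.
install_reply() {
  keytool -importcert -noprompt -trustcacerts -alias root -file "$1/ca.crt" \
    -keystore "$1/server.keystore" -storepass "$PASS"
  keytool -importcert -alias tomcat -file "$1/server.crt" \
    -keystore "$1/server.keystore" -storepass "$PASS"
}

# Check: 1 = still self-signed, 2 = server certificate plus the CA that signed it.
chain_length() {
  keytool -J-Duser.language=en -list -v -alias tomcat \
    -keystore "$1/server.keystore" -storepass "$PASS" |
    sed -n 's/^Certificate chain length: //p'
}

if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d); make_csr "$d"; test_ca_sign "$d"; install_reply "$d"
  echo "chain length: $(chain_length "$d")"
fi
```

With a real CA, step 3 is replaced by submitting `server.csr` and downloading the issued certificate; steps 1, 2 and 4 stay the same, and Tomcat keeps pointing at the same keystore file.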