To use SSL certificates signed by a Certificate Authority (CA) for Attix5 WebAccess, follow these steps:
Create a new self-signed key
Using the Command Prompt, navigate to the Java\jdk\bin directory (e.g. C:\Program Files\Java\jdk1.5.0_01\bin).
Run the command "
Note: Keytool will ask you for your first and last name. For the signed certificate import to succeed, you may need to enter the full domain name of the server running WebAccess (e.g. webaccess.attix5server.com) rather than your name. If in doubt, enter the full domain name of your WebAccess server at this point.
You will also be prompted for a password twice; enter the same password both times.
The .keystore file will be written to the root path of the Windows user you are logged in as (e.g. C:\Documents and Settings\Administrator\).
Generate a Certificate Signing Request (CSR)
In the Java\jdk\bin directory, run:
You now have a file called certreq.csr that you can submit to the Certificate Authority (see the Certificate Authority's documentation for how to do this). In return, you will receive a certificate.
Importing the Certificate(s)
Note: It is recommended that you make a copy of your keystore files before attempting any certificate imports. If you make a mistake, you can easily restart the process.
When you receive your certificate back from the CA, it needs to be imported into your keystore along with any root and intermediate certificates. (If updating certificates, see Further Commands below.)
To import the root certificate, run the command:
If an intermediate certificate is provided, run the following command (note the different alias):
Finally, run the following command to import your certificate (again, note the different alias):
Note: It is very important to import any intermediate certificates if instructed to do so by your CA. If you do not, your own certificate will not be considered trusted and will display as such in web browsers.
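The key, CSR and import steps above, end to end, as an added example (not the original article's commands). The alias "tomcat" and the file names root.cer, intermediate.cer and webaccess.cer are assumptions; substitute the files your CA sent. keytool is run from the JDK bin directory and uses its default keystore, .keystore in the logged-in user's profile.

```bat
REM Added example. Assumed names: alias "tomcat"; files root.cer,
REM intermediate.cer, webaccess.cer (placeholders for what your CA returns).

REM 1. Create the key pair and its self-signed certificate.
REM    At the "first and last name" prompt, enter the server's full domain name.
REM    Enter the same password at both password prompts.
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048

REM 2. Generate the CSR from that key entry (same alias as step 1).
keytool -certreq -alias tomcat -file certreq.csr

REM 3. Back up the keystore before importing anything, so a bad import
REM    can be undone by copying the file back.
copy "%USERPROFILE%\.keystore" "%USERPROFILE%\.keystore.bak"

REM 4. Import the CA root certificate under its own alias.
REM    keytool prints its fingerprints and asks whether to trust it; compare
REM    the fingerprint with the value the CA publishes before answering yes.
keytool -import -trustcacerts -alias root -file root.cer

REM 5. Import the intermediate certificate, if the CA supplied one,
REM    under a different alias from the root.
keytool -import -trustcacerts -alias intermediate -file intermediate.cer

REM 6. Import the signed server certificate under the SAME alias as the key
REM    from step 1. keytool should answer
REM    "Certificate reply was installed in keystore".
REM    "Certificate was added to keystore" here means the alias did not match
REM    the key entry and the certificate was stored without its private key.
keytool -import -trustcacerts -alias tomcat -file webaccess.cer

REM 7. Check the result: the tomcat entry should report a
REM    "Certificate chain length" covering your certificate plus the
REM    intermediate and root, with the expected Owner and Issuer on each.
keytool -list -v -alias tomcat
```

If step 6 fails with a message that the chain cannot be established, the root or intermediate from steps 4 and 5 is missing or is not the one that signed your certificate.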
Configure Tomcat Settings.xml
You now need to specify the path to the keystore and keystore password in the Tomcat server.xml file.
Restart Tomcat for any changes to take effect.
The contents of the keystore can be listed with the following command: "
Many more common keytool commands can be found here: