ssl support for metacat (https)
Need support for clients to connect to metacat using ssl. Need to determine a
reasonable way of generating and assigning certificates (probably we generate
them and provide a central registry of metacat servers where clients can get the
Need support for metacat to contact LDAP over SSL to make this a secure connection.
#1 Updated by Jivka Bojilova over 18 years ago
These are the things that should be done on the server for Metacat to
communicate through HTTPS:
1. In $TOMCAT_HOME/conf/server.xml uncomment this part for SSL support:
but comment the part for the normal HTTP.
2. Download JSSE and install JSSE jars by copying jart.jar, jnet.jar, jsse.jar to
3. Edit $JAVA_HOME/jre/lib/security/java.security by adding one line for Sun's
4. Do: keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/httpd/.keystore
RSA is essential to work with Netscape and IIS. Use "changeit" as password (or
add keypass attribute to change it). You don't need to sign the certificate.
This generates key pair with self-signed certificate holding the public key. You
don't need to sign the certificate. Check with:
keytool -list -alias tomcat
5. vi $TOMCAT_HOME/bin/tomcat.sh. In there add the HTTPS handler by:
6. Restart Tomcat for the changes to take effect.
7. In order for the client to trust that certificate you should export it in a
file. Send that file to the client who then should import it as a trusted
keytool -export -alias tomcat -file dev.cer -keystore /opt/httpd/.keystore
dev.cer is the file to be sent to the client.
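
Added example, not part of the original comment or of Metacat: a client-side check for step 7 that compares the received dev.cer against a SHA-256 fingerprint obtained from the server operator over a separate channel (for instance read from keytool -printcert -file dev.cer on the server) before the file is imported as trusted. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes (NOT a real certificate): DER SEQUENCE tag + filler.
CONSTRUCTED_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
CONSTRUCTED_PEM = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(CONSTRUCTED_DER)
                   + b"-----END CERTIFICATE-----\n")


def to_der(data: bytes) -> bytes:
    """Return DER bytes from a binary export or a PEM (keytool -rfc) export."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # X.509 is an ASN.1 SEQUENCE
        raise ValueError("not a DER or PEM certificate")
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated AA:BB:... form."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _norm(fp: str) -> bytes:
    # Ignore case, colons and spaces so pasted fingerprints compare cleanly.
    return re.sub(r"[^0-9A-F]", "", fp.upper()).encode()


def safe_to_import(data: bytes, expected_fp: str) -> bool:
    """True only if the file hashes to the fingerprint obtained out of band."""
    try:
        actual = fingerprint(data)
    except ValueError:  # also covers malformed base64 in a PEM body
        return False
    return hmac.compare_digest(_norm(actual), _norm(expected_fp))


if __name__ == "__main__":
    expected = fingerprint(CONSTRUCTED_DER)  # stands in for the operator's value
    print("import ok:", safe_to_import(CONSTRUCTED_PEM, expected))
    print("tampered :", safe_to_import(CONSTRUCTED_DER + b"\x00", expected))
```

With a self-signed certificate there is no CA signature for the client to validate, so this comparison is the only thing tying the imported file to the server's key.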