Replication set up for tomcat4 standalone (java1.4) 1. Generate keys in java default key store - $jAVA_HOME/jre/lib/security/cacerts: keytool -genkey -alias pinetomcat -keyalg RSA -validity 800 -keystore cacerts Note: when ask you name, you should put your host name, such as "pine.nceas.ucsb.edu" The state name should be full name, e.g. California. 2. Generate certificate: keytool -export -alias pinetomcat -file pinetomcatjava14.cert -keystore cacerts 3. Configure server.xml for tomcat 4. Removed the comment for port 8443. In factory element add an attribute: keystoreFile="/usr/java/j2sdk1.4.1_01/jre/lib/security/cacerts" In windows machine, it will look like keystoreFile="C:\usr\java\j2sdk1.4.1_01\jre\lib\security\cacerts" 4. Import other server's certificate to cacerts: keytool -import -alias fatalitomcatjava14 -file ~/keys/fatalitomcat/fatalitomcatjava14.cert -keystore cacerts 5. Restart tomcat 6. Set up xml_replication table in metacat Replication set up for Apache2 (with Tomcat4): 1. Generate keys by openssl (In pine machine) openssl req -new -out REQ.pem -keyout server.key Note: the first quetion is asked to set your password. 2. Generate certificate: openssl req -x509 -days 800 -in REQ.pem -key server.key -out server.crt 3. Put server.key into $APACHE_HOME/conf/ssl.key and server.crt into APACHE_HOME/conf/ssl.crt 4. Import other server's certificate to java's cacerts: keytool -import -alias pinetomcat14 -file pinetomcatjava14.cert -keystore cacerts 5. Restart apache and tomcat 6. Set up xml_replication table in metacat The example to set up a key: Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:California Locality Name (eg, city) [Newbury]:Santa Barbara Organization Name (eg, company) [My Company Ltd]:UCSB Organizational Unit Name (eg, section) []:NCEAS Common Name (eg, your name or your server's hostname) []:dev.nceas.ucsb.edu (Note: don't put port number here) Email Address []:tao@nceas.ucsb.edu