| 1 |
1765
|
tao
|
Replication set up for tomcat4 standalone (java1.4)
|
| 2 |
|
|
1. Generate keys in java default key store - $jAVA_HOME/jre/lib/security/cacerts:
|
| 3 |
|
|
keytool -genkey -alias pinetomcat -keyalg RSA -validity 800 -keystore cacerts
|
| 4 |
|
|
Note: when ask you name, you should put your host name, such as "pine.nceas.ucsb.edu"
|
| 5 |
2285
|
tao
|
The state name should be full name, e.g. California.
|
| 6 |
1765
|
tao
|
|
| 7 |
|
|
2. Generate certificate:
|
| 8 |
|
|
keytool -export -alias pinetomcat -file pinetomcatjava14.cert -keystore cacerts
|
| 9 |
|
|
|
| 10 |
|
|
3. Configure server.xml for tomcat 4.
|
| 11 |
|
|
Removed the comment for port 8443. In factory element add an attribute:
|
| 12 |
|
|
keystoreFile="/usr/java/j2sdk1.4.1_01/jre/lib/security/cacerts"
|
| 13 |
|
|
In windows machine, it will look like keystoreFile="C:\usr\java\j2sdk1.4.1_01\jre\lib\security\cacerts"
|
| 14 |
|
|
|
| 15 |
|
|
4. Import other server's certificate to cacerts:
|
| 16 |
|
|
keytool -import -alias fatalitomcatjava14 -file ~/keys/fatalitomcat/fatalitomcatjava14.cert -keystore cacerts
|
| 17 |
|
|
|
| 18 |
|
|
5. Restart tomcat
|
| 19 |
|
|
|
| 20 |
|
|
6. Set up xml_replication table in metacat
|
| 21 |
|
|
|
| 22 |
|
|
Replication set up for Apache2 (with Tomcat4):
|
| 23 |
|
|
1. Generate keys by openssl (In pine machine)
|
| 24 |
|
|
openssl req -new -out REQ.pem -keyout server.key
|
| 25 |
|
|
Note: the first quetion is asked to set your password.
|
| 26 |
|
|
|
| 27 |
|
|
2. Generate certificate:
|
| 28 |
|
|
openssl req -x509 -days 800 -in REQ.pem -key server.key -out server.crt
|
| 29 |
|
|
|
| 30 |
|
|
3. Put server.key into $APACHE_HOME/conf/ssl.key and server.crt into APACHE_HOME/conf/ssl.crt
|
| 31 |
|
|
|
| 32 |
|
|
4. Import other server's certificate to java's cacerts:
|
| 33 |
|
|
keytool -import -alias pinetomcat14 -file pinetomcatjava14.cert -keystore cacerts
|
| 34 |
|
|
|
| 35 |
|
|
5. Restart apache and tomcat
|
| 36 |
|
|
|
| 37 |
|
|
6. Set up xml_replication table in metacat
|
| 38 |
|
|
|
| 39 |
2173
|
tao
|
The example to set up a key:
|
| 40 |
|
|
Country Name (2 letter code) [GB]:US
|
| 41 |
|
|
State or Province Name (full name) [Berkshire]:California
|
| 42 |
|
|
Locality Name (eg, city) [Newbury]:Santa Barbara
|
| 43 |
|
|
Organization Name (eg, company) [My Company Ltd]:UCSB
|
| 44 |
|
|
Organizational Unit Name (eg, section) []:NCEAS
|
| 45 |
|
|
Common Name (eg, your name or your server's hostname) []:dev.nceas.ucsb.edu
|
| 46 |
|
|
(Note: don't put port number here)
|
| 47 |
|
|
Email Address []:tao@nceas.ucsb.edu
|
| 48 |
2718
|
tao
|
|
| 49 |
|
|
For generate no password key and certificate (Alternative way):
|
| 50 |
|
|
1. openssl genrsa -out server.key 1024
|
| 51 |
|
|
2. openssl req -new -x509 -days 900 -key server.key -out server.crt
|