Project

General

Profile

1
Replication set up for tomcat4 standalone (java1.4)
2
1. Generate keys in java default key store - $jAVA_HOME/jre/lib/security/cacerts:
3
   keytool -genkey -alias pinetomcat -keyalg RSA -validity 800 -keystore cacerts
4
   Note: when ask you name, you should put your host name, such as "pine.nceas.ucsb.edu"
5
         The state name should be full name, e.g. California.
6

    
7
2. Generate certificate:
8
   keytool -export -alias pinetomcat -file pinetomcatjava14.cert -keystore cacerts
9

    
10
3. Configure server.xml for tomcat 4.
11
   Removed the comment for port 8443. In factory element add an attribute:
12
   keystoreFile="/usr/java/j2sdk1.4.1_01/jre/lib/security/cacerts"
13
   In windows machine, it will look like keystoreFile="C:\usr\java\j2sdk1.4.1_01\jre\lib\security\cacerts"
14
   
15
4. Import other server's certificate to cacerts:
16
    keytool -import -alias fatalitomcatjava14 -file ~/keys/fatalitomcat/fatalitomcatjava14.cert -keystore cacerts
17

    
18
5. Restart tomcat
19

    
20
6. Set up xml_replication table in metacat
21

    
22
Replication set up for Apache2 (with Tomcat4):
23
1. Generate keys by openssl (In pine machine)
24
   openssl req -new -out REQ.pem -keyout server.key
25
   Note: the first quetion is asked to set your password.
26

    
27
2. Generate certificate:
28
   openssl req -x509 -days 800 -in REQ.pem -key server.key -out server.crt
29

    
30
3. Put server.key into $APACHE_HOME/conf/ssl.key and server.crt into APACHE_HOME/conf/ssl.crt
31

    
32
4. Import other server's certificate to java's cacerts:
33
   keytool -import -alias pinetomcat14 -file pinetomcatjava14.cert -keystore cacerts
34

    
35
5. Restart apache and tomcat
36

    
37
6. Set up xml_replication table in metacat
38

    
39
The example to set up a key:
40
Country Name (2 letter code) [GB]:US
41
State or Province Name (full name) [Berkshire]:California
42
Locality Name (eg, city) [Newbury]:Santa Barbara
43
Organization Name (eg, company) [My Company Ltd]:UCSB
44
Organizational Unit Name (eg, section) []:NCEAS
45
Common Name (eg, your name or your server's hostname) []:dev.nceas.ucsb.edu
46
(Note: don't put port number here)
47
Email Address []:tao@nceas.ucsb.edu
48

    
49
For generate no password key and certificate (Alternative way):
50
1. openssl genrsa -out server.key 1024
51
2. openssl req -new -x509 -days 900  -key server.key -out server.crt
(32-32/35)