Difference between revisions of "Configuring the http server for https using the keytool"

From PresenceWiki
Jump to: navigation, search
 
(9 intermediate revisions by the same user not shown)
Line 5: Line 5:
  
 
http://www.international-presence.com/images/docs/https/createkeystore.png
 
http://www.international-presence.com/images/docs/https/createkeystore.png
 
  
 
After this you can then create a self signed certificate:-
 
After this you can then create a self signed certificate:-
Line 11: Line 10:
 
  keytool -selfcert -validity 721 -keystore c:\\keystore
 
  keytool -selfcert -validity 721 -keystore c:\\keystore
  
 +
http://www.international-presence.com/images/docs/https/selfsigned.png
  
 
Now place the file keystore into the presence res directory.
 
Now place the file keystore into the presence res directory.
Line 27: Line 27:
 
Because we gave the name as impscloud, if we go to C:\WINDOWS\system32\drivers\etc\hosts and edit this we can point it to a chosen machine:-
 
Because we gave the name as impscloud, if we go to C:\WINDOWS\system32\drivers\etc\hosts and edit this we can point it to a chosen machine:-
  
 +
http://www.international-presence.com/images/docs/https/hosts.png
  
 
Then we can go to this page:-
 
Then we can go to this page:-
Line 32: Line 33:
 
https://impscloud/test.xhtml
 
https://impscloud/test.xhtml
  
Initially we will receive a warning, if we choose, I understand the risks.
+
Initially you will receive a warning, where you should choose "I Understand The Risks".
 +
 
 +
http://www.international-presence.com/images/docs/https/untrustedconnection.png
  
 
We can then select "Get The Certificiate" and then "Confirm Security Exception"
 
We can then select "Get The Certificiate" and then "Confirm Security Exception"
 +
 +
http://www.international-presence.com/images/docs/https/confirmsecurityexception.png
  
 
From now on, we shall receive the page as intended:-
 
From now on, we shall receive the page as intended:-
 +
 +
http://www.international-presence.com/images/docs/https/simplesecureresponse.png
 +
 +
It is also possible to generate your own .cer file that can then be imported onto a pc to access the site without warnings.
 +
 +
To do this first list the keys in your keystore using:-
 +
 +
keytool -list -v -keystore c:\keystore
 +
 +
http://www.international-presence.com/images/docs/https/listkeys.png
 +
 +
Now run the command to create the cer file.
 +
Note that by default the keystore is in your users directory unless otherwise specified.
 +
 +
keytool -export -alias mykey -keystore c:\keystore -file c:\presence.cer
 +
 +
http://www.international-presence.com/images/docs/https/generatecer.png
 +
 +
You can now send this to a user who can right click on the cer in windows explorer and import it into their system.
 +
 +
They should now be able to browse to the site in ie or chrome without any warning or need to add an exception.

Latest revision as of 17:50, 23 January 2012

To create a keystore for the https server:-


keytool -keyalg RSA -genkey -validity 731 -keystore c:\\keystore

http://www.international-presence.com/images/docs/https/createkeystore.png

After this you can then create a self signed certificate:-

keytool -selfcert -validity 721 -keystore c:\\keystore

http://www.international-presence.com/images/docs/https/selfsigned.png

Now place the file keystore into the presence res directory.

In the httpconfig edit the following:-

<http-config httpenabled="true" httpsenabled="true" port="81" secureport="443">
<security>
       <keystore>./res/keystore</keystore>
       <password>password</password>
       <keypassword>password</keypassword>
</security>


Because we gave the name as impscloud, if we go to C:\WINDOWS\system32\drivers\etc\hosts and edit this we can point it to a chosen machine:-

http://www.international-presence.com/images/docs/https/hosts.png

Then we can go to this page:-

https://impscloud/test.xhtml

Initially you will receive a warning, where you should choose "I Understand The Risks".

http://www.international-presence.com/images/docs/https/untrustedconnection.png

We can then select "Get The Certificiate" and then "Confirm Security Exception"

http://www.international-presence.com/images/docs/https/confirmsecurityexception.png

From now on, we shall receive the page as intended:-

http://www.international-presence.com/images/docs/https/simplesecureresponse.png

It is also possible to generate your own .cer file that can then be imported onto a pc to access the site without warnings.

To do this first list the keys in your keystore using:-

keytool -list -v -keystore c:\keystore

http://www.international-presence.com/images/docs/https/listkeys.png

Now run the command to create the cer file. Note that by default the keystore is in your users directory unless otherwise specified.

keytool -export -alias mykey -keystore c:\keystore -file c:\presence.cer

http://www.international-presence.com/images/docs/https/generatecer.png

You can now send this to a user who can right click on the cer in windows explorer and import it into their system.

They should now be able to browse to the site in ie or chrome without any warning or need to add an exception.