Difference between revisions of "Configuring the http server for https using the keytool"
(7 intermediate revisions by the same user not shown) | |||
Line 33: | Line 33: | ||
https://impscloud/test.xhtml | https://impscloud/test.xhtml | ||
− | Initially | + | Initially you will receive a warning, where you should choose "I Understand The Risks". |
http://www.international-presence.com/images/docs/https/untrustedconnection.png | http://www.international-presence.com/images/docs/https/untrustedconnection.png | ||
Line 43: | Line 43: | ||
From now on, we shall receive the page as intended:- | From now on, we shall receive the page as intended:- | ||
− | |||
http://www.international-presence.com/images/docs/https/simplesecureresponse.png | http://www.international-presence.com/images/docs/https/simplesecureresponse.png | ||
+ | |||
+ | It is also possible to generate your own .cer file that can then be imported onto a pc to access the site without warnings. | ||
+ | |||
+ | To do this first list the keys in your keystore using:- | ||
+ | |||
+ | keytool -list -v -keystore c:\keystore | ||
+ | |||
+ | http://www.international-presence.com/images/docs/https/listkeys.png | ||
+ | |||
+ | Now run the command to create the cer file. | ||
+ | Note that by default the keystore is in your users directory unless otherwise specified. | ||
+ | |||
+ | keytool -export -alias mykey -keystore c:\keystore -file c:\presence.cer | ||
+ | |||
+ | http://www.international-presence.com/images/docs/https/generatecer.png | ||
+ | |||
+ | You can now send this to a user who can right click on the cer in windows explorer and import it into their system. | ||
+ | |||
+ | They should now be able to browse to the site in ie or chrome without any warning or need to add an exception. |
Latest revision as of 17:50, 23 January 2012
To create a keystore for the https server:-
keytool -keyalg RSA -genkey -validity 731 -keystore c:\\keystore
http://www.international-presence.com/images/docs/https/createkeystore.png
After this you can then create a self signed certificate:-
keytool -selfcert -validity 721 -keystore c:\\keystore
http://www.international-presence.com/images/docs/https/selfsigned.png
Now place the file keystore into the presence res directory.
In the httpconfig edit the following:-
<http-config httpenabled="true" httpsenabled="true" port="81" secureport="443">
<security> <keystore>./res/keystore</keystore> <password>password</password> <keypassword>password</keypassword> </security>
Because we gave the name as impscloud, if we go to C:\WINDOWS\system32\drivers\etc\hosts and edit this we can point it to a chosen machine:-
http://www.international-presence.com/images/docs/https/hosts.png
Then we can go to this page:-
Initially you will receive a warning, where you should choose "I Understand The Risks".
http://www.international-presence.com/images/docs/https/untrustedconnection.png
We can then select "Get The Certificiate" and then "Confirm Security Exception"
http://www.international-presence.com/images/docs/https/confirmsecurityexception.png
From now on, we shall receive the page as intended:-
http://www.international-presence.com/images/docs/https/simplesecureresponse.png
It is also possible to generate your own .cer file that can then be imported onto a pc to access the site without warnings.
To do this first list the keys in your keystore using:-
keytool -list -v -keystore c:\keystore
http://www.international-presence.com/images/docs/https/listkeys.png
Now run the command to create the cer file. Note that by default the keystore is in your users directory unless otherwise specified.
keytool -export -alias mykey -keystore c:\keystore -file c:\presence.cer
http://www.international-presence.com/images/docs/https/generatecer.png
You can now send this to a user who can right click on the cer in windows explorer and import it into their system.
They should now be able to browse to the site in ie or chrome without any warning or need to add an exception.