Hello, I want to start with saying great video! I also want to throw out some additional advice. Some of you may work in an environment where the generated key pair will get rejected by the certificate authority server or you may also run into a situation where it allows you to create it but does not establish the trust. There are two fixes to this problem, The easier one is to request a certificate with mmc.exe > add snap in > certificates > local computer > personal > request certificate and ensure you are selected the option to make the private key exportable. When you export, make sure to select the delete the private key if export is successful box. This will create a key pair that you can transfer directly into the java p12 store. Just be sure to list the server as a common name and your link as a common name so that they both resolve using the certificate. The other fix is configuring an application policy SSL template on the certificate authority server and all of this happens automatically. (there's more to this than just what I'm saying) I won't rob you all of figuring it out but it's pretty cool once you do.
Bill, at 4:06 when you enter the Organization Name, Locality, etc, does that have to match the information for the CA (in my case it's GoDaddy), or should I enter the information for my organization? Or does it matter?
Your tutorial is great, it is easy to follow. I have one question, how do you determine what exertions you need to add to your template when you create it in Microsoft Certificate Services ? I tried the build in webserver one that that is not working for me.
Create video, after installing the certificate, any web application I installed in tomcat will be secure by certificate and the url will have the lock icon ?
Thanks for this video. Will this work if I want to use a password on the keystore, and if yes, what would be the name of element in the server.xml file
Hello, I want to start with saying great video! I also want to throw out some additional advice. Some of you may work in an environment where the generated key pair will get rejected by the certificate authority server or you may also run into a situation where it allows you to create it but does not establish the trust. There are two fixes to this problem, The easier one is to request a certificate with mmc.exe > add snap in > certificates > local computer > personal > request certificate and ensure you are selected the option to make the private key exportable. When you export, make sure to select the delete the private key if export is successful box. This will create a key pair that you can transfer directly into the java p12 store. Just be sure to list the server as a common name and your link as a common name so that they both resolve using the certificate.
The other fix is configuring an application policy SSL template on the certificate authority server and all of this happens automatically. (there's more to this than just what I'm saying) I won't rob you all of figuring it out but it's pretty cool once you do.
Bill, at 4:06 when you enter the Organization Name, Locality, etc, does that have to match the information for the CA (in my case it's GoDaddy), or should I enter the information for my organization? Or does it matter?
Never mind, figured it out, did not matter. This video was a lifesaver, THANK YOU!
Your tutorial is great, it is easy to follow. I have one question, how do you determine what exertions you need to add to your template when you create it in Microsoft Certificate Services ? I tried the build in webserver one that that is not working for me.
Can you share the steps document
Create video, after installing the certificate, any web application I installed in tomcat will be secure by certificate and the url will have the lock icon ?
Great tutorial!! You are the best!!!!!!!!!
Thanks for the info... did you have to do something with the Java bit first like keytool -genkey -alias tomcat -keyalg RSA ?
The KeyStore Explorer GUI is a lot easier to use than the command-line keytool command.
Hi, question, what would be my servername? I see you have fabdc1/certsrv. How do I create one or where do I find it?
The server name is your domain's CA (certificate authority) server.
@@billstewart5099 hi, this is a local service on the ActiveDirectory server? DomainServer? How we have our own Certificate Authority? Thanks
very helpful this video
Thanks for this video. Will this work if I want to use a password on the keystore, and if yes, what would be the name of element in the server.xml file
Hey Bill, have you successfully gotten Apache Tomcat to use a locally installed certificate on a Windows Server? Using something like this?