This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
2) In the OpenSSL installation directory, create subdirectory private. The Certificate Authority's private key will be stored here.
In the OpenSSL installation directory, create subdirectory newcerts. New certificates signed by the CA will be stored here.
In the OpenSSL installation directory, create an empty file named index.txt. OpenSSL keeps its signed certificates database in that file.
From the subdirectory bin/PEM/demoCA of the OpenSSL installation directory, copy the file serial to the OpenSSL installation directory. Open the copied serial file and edit it to read 00 and save. Each new CA-signed certificate's serial number is taken from this file's content, which is incremented each time a certificate is signed.
3) In openssl.cfg .Did the following changes
dir = c:/openssl <-- This is the OpenSSL installation directory
certificate = $dir/private/cacert.pem
#crl = $dir/crl.pem
5)Convert the certificate PEM file to a DER encoded file
cd /d "%OPENSSL_HOME%"
openssl x509 -in private\CACert.pem -out private\CACert.cer -outform DER
This command creates file CACert.cer in the private subdirectory.
keytool -import -keystore jre\lib\security\cacerts -alias AppOpenSSLCert -file %OPENSSL_HOME%\private\cacert.cer
This adds our self-signed CA certificate to Java's trusted CA certificates, which are kept in file jre\lib\security\cacerts in the Java JDK installation directory.
Our self-signed CA certificate was stored under the alias AppOpenSSLCert.
As per documentation it should have worked(i.e i tried hitting the URL with https) but it did not work . To make it work I had to run one more command i.e
C:\Program Files\Java\jdk1.6.0_23>keytool -genkey -alias tomcat -keyalg RSA which generated .keystore file((which will have SSL certificate which will be send when client makes https request and client matches this certificates in truststore and private key)
Finally i made changes in server.xml and it worked
Thats why whole confusion came to my mind. If we are using certificates pointed by .keystore file generated in 7th step,what is the purpose of steps i did from 1 to 6(CAKey.pem and CACert.pem files).