Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\trevor>cd\
C:\>cd "Program Files"
C:\Program Files>cd "Time Guardian Pro"\jre\bi
The system cannot find the path specified.
C:\Program Files>cd "Time Guardian Pro\jre\bin"
C:\Program Files\Time Guardian Pro\jre\bin>keytool -list -v -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks"
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: inter
Creation date: Feb 25, 2009
Entry type: trustedCertEntry
Owner: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 5242064a4f37fe4369487a9667ff5d27
Valid from: Tue Jun 07 02:09:10 MDT 2005 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1C:BC:22:07:4D:3A:3A:BB:9D:A4:71:D5:F6:6D:AD:45
SHA1: 86:75:39:A2:6C:81:FA:2D:78:27:7C:3A:DF:DB:30:43:12:53:5E:57
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A1 72 5F 26 1B 28 98 43 95 5D 07 37 D5 85 96 9D .r_&.(.C.].7.... 0010: 4B D2 C3 45 K..E ] ] #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/AddTrustExternalCARoot.crl] , DistributionPoint: [URIName: http://crl.comodo.net/AddTrustExternalCARoot.crl] ]] #5: ObjectId: 2.5.29.32 Criticality=false
SSL: HOW TO APPLY SIGNED CERTIFICATE TO TGP
Basically:
1. You'll create a new keystore (.jks)
2. Convert it to a CSR (.cer)
3. Email it to the CA
   i. CA will provide 2 or 3 signed certs (root, inter, domain)
4. Make sure the new keystore you made is in TGP\apache\conf
5. Import the 3 signed certs to the keystore
6. Edit ENDPOINT(s)
7. Restart apache service
This entire command checks the current status of Tomcat's SSL entries
[] ] ] #6: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] ******************************************* ******************************************* Alias name: root
Creation date: Feb 25, 2009
Entry type: trustedCertEntry
Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 1
Valid from: Tue May 30 04:48:38 MDT 2000 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
SHA1: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] #4: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ]
[CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE]
SerialNumber: [ 01] ]
******************************************* ******************************************* Alias name: tomcat
Creation date: Feb 25, 2009
Entry type: trustedCertEntry
Owner: CN=www.petlandtimeserver.ca, OU=Comodo InstantSSL, O=Petland, L=Calgary, ST=Alberta, C=CA
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Serial number: e5e4a34bc7f1ae41a0512e7a6c7fadc9
Valid from: Thu Feb 05 17:00:00 MST 2009 until: Thu Feb 06 16:59:59 MST 2014
Certificate fingerprints:
MD5: C3:4F:4C:3E:A3:B4:94:58:5D:C0:71:0A:5F:F5:60:7C
SHA1: 0F:E7:0E:25:84:B9:CF:D6:2C:EB:E3:8B:AB:F9:32:6A:62:2A:6E:EA
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 3A D1 68 8C B0 FD C4 24 65 98 71 01 8A 14 2E 9F :.h....$e.q... 0010: EE C3 6E BC ..n. ] ] #4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodoca.com/UTNAddTrustServerCA.crt, accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.comodoca.com] ] #5: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl] , DistributionPoint: [URIName: http://crl.comodo.net/UTN-USERFirst-Hardware.crl] ]] #6: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.1.3.4] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https:// secure 0010: 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 43 50 53 .comodo.net/CPS ]] ]
This is wrong
#7: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #8: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL client SSL server ] #9: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: A1 72 5F 26 1B 28 98 43 95 5D 07 37 D5 85 96 9D .r_&.(.C.].7.... 0010: 4B D2 C3 45 K..E ] ] #10: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: www.petlandtimeserver.ca DNSName: petlandtimeserver.ca ] ******************************************* *******************************************
STEP 1
Rename the amanoKeys.jks (keystore) from the apache\conf dir before you proceed with the below commands.
Any keytool commands must be executed in a single line; note the keypass/storepass, which will be your password later.
C:\Program Files\Time Guardian Pro\jre\bin>keytool -genkey -keyalg RSA -keystore "e:\amanoKeys.jks" -validity 1825 -alias tomcat -keypass amano123 -storepass amano123
What is your first and last name?
[Unknown]: www.petlandtimeserver.ca
What is the name of your organizational unit?
[Unknown]: Petland
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=www.petlandtimeserver.ca, OU=Petland, O=Unknown, L=Unknown, ST=Unknown, C=CA correct?
[no]: yes
Not important
STEP 2 & 3
C:\Program Files\Time Guardian Pro\jre\bin>keytool -certreq -alias tomcat -file e:\amano.cer -keystore "e:\amanoKeys.jks" -storepass amano123
This is the CSR. Email the file to the certificate authority (e.g. VeriSign, Comodo, etc.).
C:\Program Files\Time Guardian Pro\jre\bin>keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks"
Enter keystore password:
Certificate already exists in system-wide CA keystore under alias <addtrustexternalca>
Do you still want to add it to your own keystore? [no]: yes
Certificate was added to keystore
C:\Program Files\Time Guardian Pro\jre\bin>keytool -import -trustcacerts -alias INTER -file "UTNAddTrustServerCA.crt -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks"
keytool error: java.lang.RuntimeException: Usage error, Files\Time is not a legal command
C:\Program Files\Time Guardian Pro\jre\bin>keytool -import -trustcacerts -alias INTER -file UTNAddTrustServerCA.crt -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks"
Enter keystore password:
Certificate was added to keystore
C:\Program Files\Time Guardian Pro\jre\bin>keytool -import -trustcacerts -alias tomcat -file www_petlandtimeserver_ca.crt -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks"
Enter keystore password:
Certificate reply was installed in keystore
C:\Program Files\Time Guardian Pro\jre\bin>keytool -list -v -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks" >newlist.txt
Enter keystore password: amano123
C:\Program Files\Time Guardian Pro\jre\bin>
STEP 4 & 5
When you receive the 2 or 3 signed files from the CA, copy them to where keytool.exe (TGP\jre\bin) is. Also move the new jks file that you previously made to the TGP\apache\conf folder.
STEP 6
C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\webapps\tgpro\WEB-INF\classes\TGProResources.properties
The above file must be set to non-SSL with localhost on all ENDPOINTs:
CALCENGINE_WS_ENDPOINT=http://localhost:8080/axis/services/tgpro/CalcEngineService
CALCENGINE_WS_CONSUMER_ID=tgpro
CALCENGINE_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849
# IM web service - TODO: Change for IM
IM_WS_ENDPOINT=http://localhost:8080/axis/services/tgpro/IMService
IM_WS_CONSUMER_ID=tgpro
IM_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849
# report web service consumer
REPORT_WS_ENDPOINT=http://localhost:8080/axis/services/tgpro/ReportService
REPORT_WS_CONSUMER_ID=tgpro
REPORT_WS_CONSUMER_PASSWORD=a,&^^684849ydyh38fjh28rj3849
# schedule web service consumer
SCHEDULE_WS_ENDPOINT=http://localhost:8080/axis/services/tgpro/RotationService
Restart the Apache Tomcat service
After running, keytool -list -v -keystore "C:\Program Files\Time Guardian Pro\apache-tomcat-5.5.12\conf\amanoKeys.jks" again…
enter your keypass/storepass here
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: inter
Creation date: Feb 25, 2009
Entry type: trustedCertEntry
Owner: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 5242064a4f37fe4369487a9667ff5d27
Valid from: Tue Jun 07 02:09:10 MDT 2005 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1C:BC:22:07:4D:3A:3A:BB:9D:A4:71:D5:F6:6D:AD:45
SHA1: 86:75:39:A2:6C:81:FA:2D:78:27:7C:3A:DF:DB:30:43:12:53:5E:57
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A1 72 5F 26 1B 28 98 43 95 5D 07 37 D5 85 96 9D .r_&.(.C.].7.... 0010: 4B D2 C3 45 K..E ] ] #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/AddTrustExternalCARoot.crl] , DistributionPoint: [URIName: http://crl.comodo.net/AddTrustExternalCARoot.crl] ]] #5: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0] [] ] ] #6: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] ******************************************* ******************************************* Alias name: root
Creation date: Feb 25, 2009
Entry type: trustedCertEntry
Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 1
Valid from: Tue May 30 04:48:38 MDT 2000 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
SHA1: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] #4: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T.
[CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE] SerialNumber: [ 01]
]
******************************************* ******************************************* Alias name: tomcat
Creation date: Feb 25, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.petlandtimeserver.ca, OU=Comodo InstantSSL, O=Petland, L=Calgary, ST=Alberta, C=CA
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Serial number: 1d99c44e647d63bb4a90c83b66fbadb5
Valid from: Thu Feb 05 17:00:00 MST 2009 until: Thu Feb 06 16:59:59 MST 2014
Certificate fingerprints:
MD5: C4:AA:71:0E:A7:CC:D8:70:A6:33:C1:99:E3:CD:02:2C
SHA1: 08:22:4B:1C:6D:22:14:63:99:33:EF:CF:69:66:FC:94:A3:C1:34:61
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 8D B6 76 2E BF 23 EB D2 5B 3D CE F7 B4 AD 58 BD ..v..#..[=....X. 0010: 9A F8 1C 40 ...@ ] ] #4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodoca.com/UTNAddTrustServerCA.crt, accessMethod: 1.3.6.1.5.5.7.48.1 accessLocation: URIName: http://ocsp.comodoca.com] ] #5: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl] , DistributionPoint: [URIName: http://crl.comodo.net/UTN-USERFirst-Hardware.crl] ]] #6: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [
This is correct
[CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.1.3.4] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure 0010: 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 43 50 53 .comodo.net/CPS ]] ] ] #7: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #8: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL client SSL server ] #9: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: A1 72 5F 26 1B 28 98 43 95 5D 07 37 D5 85 96 9D .r_&.(.C.].7.... 0010: 4B D2 C3 45 K..E ] ] #10: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: www.petlandtimeserver.ca DNSName: petlandtimeserver.ca ] Certificate[2]:
Owner: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 5242064a4f37fe4369487a9667ff5d27
Valid from: Tue Jun 07 02:09:10 MDT 2005 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1C:BC:22:07:4D:3A:3A:BB:9D:A4:71:D5:F6:6D:AD:45
SHA1: 86:75:39:A2:6C:81:FA:2D:78:27:7C:3A:DF:DB:30:43:12:53:5E:57
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A1 72 5F 26 1B 28 98 43 95 5D 07 37 D5 85 96 9D .r_&.(.C.].7.... 0010: 4B D2 C3 45 K..E ] ]
[DistributionPoint: [URIName: http://crl.comodoca.com/AddTrustExternalCARoot.crl] , DistributionPoint: [URIName: http://crl.comodo.net/AddTrustExternalCARoot.crl] ]] #5: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0] [] ] ] #6: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] Certificate[3]:
Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 1
Valid from: Tue May 30 04:48:38 MDT 2000 until: Sat May 30 04:48:38 MDT 2020
Certificate fingerprints:
MD5: 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
SHA1: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
Signature algorithm name: SHA1withRSA
Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] #2: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ Key_CertSign Crl_Sign ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ] ] #4: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T.... 0010: 24 CB 54 1A $.T. ]
[CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE] SerialNumber: [ 01]
]
******************************************* *******************************************
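The listing marked "This is wrong" holds the tomcat alias as a trustedCertEntry, while the one marked "This is correct" holds it as a PrivateKeyEntry with a chain of length 3. The following is an added example, not part of the original procedure, that checks a `keytool -list -v` listing for that condition and for a chain that links up to a self-signed root. The function names and the two trimmed sample listings are constructed here from the fields shown on this page.

```python
import re

LEAF = "CN=www.petlandtimeserver.ca, OU=Comodo InstantSSL, O=Petland, L=Calgary, ST=Alberta, C=CA"
INTER = ("CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, "
         "O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US")
ROOT = "CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE"

# Constructed, trimmed listings in the shape of the two `keytool -list -v` runs on this page.
WRONG = f"Alias name: tomcat\nEntry type: trustedCertEntry\nOwner: {LEAF}\nIssuer: {INTER}\n"
RIGHT = ("Alias name: tomcat\nEntry type: PrivateKeyEntry\nCertificate chain length: 3\n"
         f"Certificate[1]:\nOwner: {LEAF}\nIssuer: {INTER}\n"
         f"Certificate[2]:\nOwner: {INTER}\nIssuer: {ROOT}\n"
         f"Certificate[3]:\nOwner: {ROOT}\nIssuer: {ROOT}\n")

FIELD = re.compile(r"(Alias name|Entry type|Certificate chain length|Owner|Issuer): (.*)")

def parse_entries(listing):
    """Parse `keytool -list -v` text into {alias: {"type", "chain_len", "certs"}}."""
    entries, cur = {}, None
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue                      # extension dumps, separators, prompts
        key, val = m.group(1), m.group(2).strip()
        if key == "Alias name":           # JKS aliases are case-insensitive
            cur = entries.setdefault(val.lower(), {"type": None, "chain_len": 0, "certs": []})
        elif cur is None:
            continue
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Certificate chain length":
            cur["chain_len"] = int(val)
        elif key == "Owner":
            cur["certs"].append({"owner": val, "issuer": None})
        elif cur["certs"]:                # Issuer belongs to the most recent Owner
            cur["certs"][-1]["issuer"] = val
    return entries

def check_server_entry(entries, alias="tomcat"):
    """Return a list of problems with the server entry; an empty list means it looks right."""
    e = entries.get(alias.lower())
    if e is None:
        return [f"alias '{alias}' not found"]
    problems, certs = [], e["certs"]
    if e["type"] != "PrivateKeyEntry":
        problems.append(f"'{alias}' is {e['type']}: certificate only, no private key")
    elif e["chain_len"] != len(certs):
        problems.append(f"chain length {e['chain_len']} but {len(certs)} certificates listed")
    for child, parent in zip(certs, certs[1:]):
        if child["issuer"] != parent["owner"]:
            problems.append(f"chain break after '{child['owner']}'")
    if certs and certs[-1]["issuer"] != certs[-1]["owner"]:
        problems.append("chain does not end in a self-signed root")
    return problems

if __name__ == "__main__":
    for name, text in (("WRONG", WRONG), ("RIGHT", RIGHT)):
        print(name, check_server_entry(parse_entries(text)) or "OK")
```

To check a real keystore, pass the contents of the newlist.txt file written by the redirected `keytool -list -v` command to `parse_entries`.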