Jetty CSR and Certificate Installation

Preparation

When following the information in this document, ensure that you back up relevant files before overwriting or deleting them. Work with your network staff to obtain the following information for production installations:

• DNS Domain for your URL
• Internet-facing IP Address
• Internet-facing DNS Entry for the latter IP address in the desired DNS Domain

You must also install the Java Development Kit (5.0 or later), which provides the keytool command referenced in this article. It is a best practice to place the JDK binaries on the classpath so that the keytool command is accessible from any directory. To learn more about keytool, click the following link:

http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html

Step-1
Generating a keystore

To generate a keystore, run the following command (the parameters are explained below):

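keytool -genkey -keystore <keystore> -storepass <storepass> -keypass <keypass> -keyalg RSA -keysize 2048 -alias <alias> -dname "CN=<commonName>, OU=<organizationUnit>, O=<organizationName>, L=<localityName>, ST=<stateName>, C=<country>"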

• commonName - common name of a person, e.g., "Susan Jones"
• organizationUnit - small organization (e.g., department or division) name, e.g., "Purchasing"
• organizationName - large organization name, e.g., "ABCSystems, Inc."
• localityName - locality (city) name, e.g., "Palo Alto"
• stateName - state or province name, e.g., "California"
• country - two-letter country code, e.g., "CH"

Example Command

The following example shows the command with the parameter placeholders replaced by sample values:

keytool -genkey -keystore keystore -storepass 123456ABC -keypass 123456ABC -keyalg RSA -keysize 2048 -alias jetty -dname "CN=www.company.com, OU=information_services, O=ABC, L=New York, ST=New York, C=US"

Step-2
Generate Certificate Signing Request (CSR)


This command generates a Certificate Signing Request (CSR) that is used to request a certificate from a certificate authority, based on your generated key:

keytool -certreq -keyalg RSA -keystore <keystore> -storepass <storepass> -alias <alias> -file certreq.csr

Example Command:

keytool -certreq -keyalg RSA -keysize 2048 -keystore c:\keystore -storepass <storepass> -alias jetty -file c:\certreq.csr


Step-3
Submit Certificate Signing Request to Certificate Authority (CA)

Send the certreq.csr file to Mango CA for signing. Once Mango CA generates your certificate, you will be notified and can download it and proceed to the following steps.

Step-4
Add certificates to keystore

Download the Mango SubCA, CA and Root certificates in PEM format from the following links (Mango CA may also send you these certificates by email):

http://secure.mangoca.com/publicweb/webdist/certdist?cmd=cacert&issuer=STREET%3d82+Mohakhali+Commercial+Area+(12th+Floor)%2cPostalCode%3d1212%2cCN%3dMango+Class0+Server+Certificate%2cOU%3dSub-CA%2cO%3dMango+Teleservices+Limited%2cL%3dDhaka%2cC%3dBD%2c2.5.4.51%3dMohakhali+Tower&level=0

http://secure.mangoca.com/publicweb/webdist/certdist?cmd=cacert&issuer=STREET%3d82+Mohakhali+Commercial+Area+(12th+Floor)%2cPostalCode%3d1212%2cCN%3dMango+Class0+Server+Certificate%2cOU%3dSub-CA%2cO%3dMango+Teleservices+Limited%2cL%3dDhaka%2cC%3dBD%2c2.5.4.51%3dMohakhali+Tower&level=1

http://secure.mangoca.com/publicweb/webdist/certdist?cmd=cacert&issuer=STREET%3d82+Mohakhali+Commercial+Area+(12th+Floor)%2cPostalCode%3d1212%2cCN%3dMango+Class0+Server+Certificate%2cOU%3dSub-CA%2cO%3dMango+Teleservices+Limited%2cL%3dDhaka%2cC%3dBD%2c2.5.4.51%3dMohakhali+Tower&level=2

After you have received the certificate (and possibly the certificate chain files), you need to add them to the keystore you used to generate the CSR. After adding the certificate, the keystore will be ready for use by Jetty. Back up the keystore and record all related information (e.g., password).

To add the certificates, run the following commands:

keytool -import -alias <alias> -keystore <keystore> -trustcacerts -file <certificate_file>

Example command:

keytool -import -alias jetty -keystore c:\keystore -trustcacerts -file c:\certificate.pem

keytool -import -alias mango_subca -keystore c:\keystore -trustcacerts -file mangosubca.pem

keytool -import -alias mango_ca -keystore c:\keystore -trustcacerts -file mangoca.pem

keytool -import -alias root_ca -keystore c:\keystore -trustcacerts -file rootca.pem
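
After the imports in Step-4, the alias that holds the key pair should contain the private key together with the CA-signed chain. The following added example (not part of the original article) parses the text printed by keytool -list -v and reports the common failure states; the sample listing is constructed and abridged, and the function names are illustrative.

```python
# Constructed, abridged `keytool -list -v` output (English locale assumed).
SAMPLE = """\
Alias name: jetty
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.company.com, OU=information_services, O=ABC, L=New York, ST=New York, C=US
Issuer: CN=www.company.com, OU=information_services, O=ABC, L=New York, ST=New York, C=US

Alias name: root_ca
Entry type: trustedCertEntry

Owner: CN=Constructed Root CA
Issuer: CN=Constructed Root CA
"""

def parse_entries(listing):
    """Map each alias to its entry type, chain length and leaf Owner/Issuer."""
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if key == "Alias name":
            cur = entries.setdefault(val, {"type": None, "chain": 0, "owner": None, "issuer": None})
        elif cur is None:
            continue
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Certificate chain length":
            cur["chain"] = int(val)
        elif key in ("Owner", "Issuer") and cur[key.lower()] is None:
            cur[key.lower()] = val  # first pair listed is the leaf certificate
    return entries

def check_server_alias(listing, alias="jetty"):
    """Return the problems that would stop Jetty presenting a CA-signed chain."""
    entry = parse_entries(listing).get(alias)
    if entry is None:
        return ["alias %r not found in keystore" % alias]
    problems = []
    if entry["type"] != "PrivateKeyEntry":
        problems.append("no private key under this alias; reply was imported elsewhere")
    if entry["owner"] is not None and entry["owner"] == entry["issuer"]:
        problems.append("still self-signed; the CA reply has not been imported")
    elif entry["chain"] < 2:
        problems.append("chain length %d; SubCA/CA/Root certificates are missing" % entry["chain"])
    return problems

if __name__ == "__main__":
    for problem in check_server_alias(SAMPLE):
        print("jetty:", problem)
```

To check a real keystore, save the output of keytool -list -v -keystore c:\keystore to a file and pass its contents to check_server_alias; an empty list means the alias holds a private key with a CA-issued chain.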

Configure Jetty

After you have prepared your keystore file, you must configure Jetty to use it.

To configure Jetty:

1. Back up the original keystore.
2. Copy the keystore file to webserver/resources and remove the default keystore file that comes with xMatters.
3. Open the start.ini file in C:\dsetesa\jetty-distribution-7.3.1.v20110307 in a text editor.
4. Uncomment the line # etc/jetty-ssl.xml so that it reads etc/jetty-ssl.xml
5. Save and close the file.
6. Navigate to the webserver/etc/jetty-ssl.xml file and open it in a text editor.
7. Locate the following text and replace <your.keystore.filename> with the name of your keystore file (note that you must also replace the password placeholders with the actual values from the initial keystore creation in the "Generating a keystore" section):

<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="."/>/resources/<your.keystore.filename></Set>
<Set name="password"><your.store.password></Set>
<Set name="keyPassword"><your.key.password></Set>
<Set name="truststore"><SystemProperty name="jetty.home" default="."/>/resources/<your.keystore.filename></Set>
<Set name="trustPassword"><your.trust.password></Set>
</New>
</Arg>
</Call>

8. Restart your web server after making these changes.

Article Details

Last Updated
20th of September, 2012
