Installing a security certificate for Apache Tomcat™

It is important to secure communications between the different servers you will use, in particular exchanges with the application server on which you are going to deploy the SECollab application. Although you are encouraged to use a certificate belonging to your company, you can still use a self-signed certificate by creating it as follows.

In the file <tomcat>/conf/server.xml, Apache Tomcat is configured to read the server certificate from a keystore file.

To improve security, you need to generate a certificate. When you generate the new certificate, you set values that are based on your company information. These values include the fully qualified domain name of the Tomcat server on which you are deploying SECollab.

The Java Development Kit (JDK) keytool program is useful for managing keystores and certificates on the server. The keytool program is provided with any standard JDK distribution and can be located in the bin sub-directory of wherever your JDK is installed: JAVA_HOME\bin.

For more information about the keytool program, see Key and Certificate Management Tool.

Specifically, it is necessary to proceed as follows:

  1. Launch a Command Prompt.
  2. Go to the directory where the keystore file is located, typically: cd JAVA_HOME\bin
  3. Add a certificate to the keystore.
    1. Run this command: keytool -genkey -keyalg RSA -alias example_name -keystore example_name-ssl.keystore -storepass example_name -validity 360 -keysize 2048
    2. To generate the certificate, keytool prompts you for your first and last name: enter the full name of the Tomcat server that will host the SECollab application.
      • Warning: The name of the server hosting SECollab must match the name that you enter for the certificate; otherwise, a security certificate error results when you start the server.
    3. Use your company information to complete the remaining prompts for information. These values are for information purposes only. For the key password prompt, press RETURN to use the same certificate password as the keystore password. After you complete the prompts, the example_name-ssl.keystore file is changed so that it contains a self-signed certificate that is based on your company information.
  4. If Apache Tomcat was running when you made the previous changes, restart the server to take these changes into account.
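
The procedure above as a non-interactive PowerShell run that also checks the server-name match from the warning in step 3.2; this is an added example, not part of the original page. The host name tomcat.example.com and the company fields in -dname are placeholder assumptions, and JAVA_HOME is assumed to point at your JDK.

```powershell
# Added example. Assumed values: replace them with your own.
$fqdn     = 'tomcat.example.com'        # assumed FQDN of the Tomcat server hosting SECollab
$alias    = 'example_name'
$keystore = 'example_name-ssl.keystore'
$keytool  = Join-Path $env:JAVA_HOME 'bin\keytool.exe'

# Prompt for the keystore password instead of hard-coding it in the script.
$secure = Read-Host -Prompt 'Keystore password' -AsSecureString
$pass   = [System.Net.NetworkCredential]::new('', $secure).Password

# Same options as the command in step 3.1. -dname answers the prompts up front:
# CN is the server name, the other fields are constructed company data.
# -keypass repeats the keystore password (the RETURN answer in step 3.3).
# -ext SAN is an addition: current browsers match the host name against
# subjectAltName rather than CN.
& $keytool -genkey -keyalg RSA -keysize 2048 -validity 360 `
    -alias $alias -keystore $keystore -storepass $pass -keypass $pass `
    -dname "CN=$fqdn, OU=IT, O=Example Corp, L=Paris, ST=IDF, C=FR" `
    -ext "SAN=dns:$fqdn"
if ($LASTEXITCODE -ne 0) { throw "keytool -genkey failed with exit code $LASTEXITCODE" }

# Read the entry back. -J-Duser.language=en forces English labels so the
# 'Owner:' line can be matched on any locale (quoted: it contains a dot).
$listing = & $keytool '-J-Duser.language=en' -list -v `
    -alias $alias -keystore $keystore -storepass $pass
if ($LASTEXITCODE -ne 0) { throw "keytool -list failed with exit code $LASTEXITCODE" }

# The warning in step 3.2: the certificate name must equal the server name.
$ownerLine = $listing | Where-Object { $_ -match '^Owner:' } | Select-Object -First 1
if ($ownerLine -notmatch '\bCN=([^,]+)') { throw 'No CN found in the certificate owner' }
$cn = $Matches[1].Trim()
if ($cn -ine $fqdn) { throw "Certificate CN '$cn' does not match server name '$fqdn'" }
"OK: alias '$alias' in $keystore is issued to $cn"
```

The password is still passed to keytool on its command line, as in step 3.1, so run this in a session that other users of the machine cannot inspect.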