svn commit: r1919868 - in /tomcat/site/trunk: docs/presentations/ xdocs/

Tue, 13 Aug 2024 08:33:19 -0700 

Author: markt
Date: Tue Aug 13 15:33:03 2024
New Revision: 1919868

URL: http://svn.apache.org/viewvc?rev=1919868&view=rev
Log:
Migrate webinar 2016

Added:
    
tomcat/site/trunk/docs/presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt
    tomcat/site/trunk/docs/presentations/2016-05-acna-Monitoring Apache Tomcat 
with JMX.pdf   (with props)
    tomcat/site/trunk/docs/presentations/2016-05-acna-Seamless Upgrades for 
Credential Security in Apache Tomcat.pdf   (with props)
Removed:
    tomcat/site/trunk/docs/presentations/2016-05-acna-Monitoring Apache Tomcat 
with JMX.pdf.crdownload
    tomcat/site/trunk/docs/presentations/2016-05-acna-Seamless Upgrades for 
Credential Security in Apache Tomcat.pdf.crdownload
Modified:
    tomcat/site/trunk/xdocs/presentations.xml

Added: 
tomcat/site/trunk/docs/presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt?rev=1919868&view=auto
==============================================================================
--- 
tomcat/site/trunk/docs/presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt
 (added)
+++ 
tomcat/site/trunk/docs/presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt
 Tue Aug 13 15:33:03 2024
@@ -0,0 +1,72 @@
+These instructions are for Windows
+Modify the paths as approptiate for your OS.
+
+Create a CA
+===========
+
+1. Create the directory structure
+
+   mkdir demoCA
+   mkdir demoCA\newcerts demoCA\private demoCA\csr demoCA\keystores
+   echo 1000 > demoCA\serial
+   echo 2>demoCA\index.txt
+   
+2. Create the CA
+   openssl req -config openssl.cnf -new -x509 -days 3650 -extensions v3_ca 
-keyout demoCA\private\cakey.pem -out demoCA\cacert.pem
+
+Create an APR/native key and certificate for localhost
+======================================================
+   
+1. Create the private key and the certificate signing request
+   openssl req -config openssl.cnf -new -nodes -out 
demoCA\csr\localhost-req.pem -keyout demoCA\private\localhost-key.pem
+
+2. Sign the certifcate
+   openssl ca -config openssl.cnf -days 730 -out 
demoCA\newcerts\localhost-cert.pem -infiles demoCA\csr\localhost-req.pem
+
+3. Create the certificate chain file
+   Just the CA certificate
+
+4. Install key, certificate and chain files
+   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+              maxThreads="150" SSLEnabled="true" >
+       <SSLHostConfig>
+           <Certificate certificateKeyFile="conf/localhost-key.pem"
+                        certificateFile="conf/localhost-cert.pem"
+                        certificateChainFile="conf/localhost-chain.pem"
+                        type="RSA" />
+       </SSLHostConfig>
+   </Connector>
+
+Create a Java Keystore for localhost
+====================================
+
+1. Ensure keytool is on the path
+   set JAVA_HOME=C:\java\jdk1.8.0_72_x64
+   set PATH=%PATH%;%JAVA_HOME%\bin
+
+2. Create the private key
+   keytool -genkey -alias tomcat -keyalg RSA -keystore 
demoCA\keystores\localhost2.jks -dname CN=localhost,OU=B,O=ASF,ST=MD,C=US
+   
+3. Create the certificate signing request
+   keytool -certreq -keyalg RSA -alias tomcat -file 
demoCA\csr\localhost2-req.pem -keystore demoCA\keystores\localhost2.jks
+   
+4. Sign the certificate
+   openssl ca -config openssl.cnf -days 730 -out 
demoCA\newcerts\localhost2-cert.pem -infiles demoCA\csr\localhost2-req.pem
+   Java uses PRINTABLESTRING. OpenSSL expects UTF8STRING.
+   openssl ca -policy policy_anything -config openssl.cnf -days 730 -out 
demoCA\newcerts\localhost2-cert.pem -infiles demoCA\csr\localhost2-req.pem
+
+5. Import the certificate chain
+   keytool -import -alias ca -keystore demoCA\keystores\localhost2.jks 
-trustcacerts -file demoCA\cacert.pem
+   
+6. Import the signed certificate
+   keytool -import -alias tomcat -keystore demoCA\keystores\localhost2.jks 
-file demoCA\newcerts\localhost2-cert.pem
+   
+7. Install keystore
+   <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+              maxThreads="150" SSLEnabled="true">
+       <SSLHostConfig>
+           <Certificate certificateKeystoreFile="conf/localhost2.jks"
+                        type="RSA" />
+       </SSLHostConfig>
+   </Connector>
+

Added: tomcat/site/trunk/docs/presentations/2016-05-acna-Monitoring Apache 
Tomcat with JMX.pdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/presentations/2016-05-acna-Monitoring%20Apache%20Tomcat%20with%20JMX.pdf?rev=1919868&view=auto
==============================================================================
Binary file - no diff available.

Propchange: tomcat/site/trunk/docs/presentations/2016-05-acna-Monitoring Apache 
Tomcat with JMX.pdf
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: tomcat/site/trunk/docs/presentations/2016-05-acna-Seamless Upgrades for 
Credential Security in Apache Tomcat.pdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/presentations/2016-05-acna-Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf?rev=1919868&view=auto
==============================================================================
Binary file - no diff available.

Propchange: tomcat/site/trunk/docs/presentations/2016-05-acna-Seamless Upgrades 
for Credential Security in Apache Tomcat.pdf
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: tomcat/site/trunk/xdocs/presentations.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/presentations.xml?rev=1919868&r1=1919867&r2=1919868&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/presentations.xml (original)
+++ tomcat/site/trunk/xdocs/presentations.xml Tue Aug 13 15:33:03 2024
@@ -579,7 +579,7 @@ li.targeted {
 <ul>
 <li>Connector selection: BIO vs NIO vs NIO2 vs APR (markt) <a 
href="https://www.youtube.com/watch?v=LBSWixIwMmU";>video</a></li>
 <li>TLS key/certificate generation (markt) <a 
href="https://www.youtube.com/watch?v=I6TbMqH9WFg";>video</a>,
-    <a 
href="http://home.apache.org/~markt/presentations/2016-01-25-TLS-key-certificate-generation/script.txt";>script</a></li>
+    <a 
href="presentations/2016-01-25-webinar-TLS-key-certificate-generation-script.txt">script</a></li>
 <li>Introducing Apache Tomcat 8.5 (markt) <a 
href="https://www.youtube.com/watch?v=kBJCIpPLWm0";>video</a></li>
 </ul>
 </subsection>



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to