You must complete Generating a self signed certificate before continuing
About
To do proxy authentication and receive a proxy granting ticket from CAS, you'll need an SSL certificate that is signed by the TP certificate authority.
Signing your Certificate with the TP CA
JAVA_HOME refers to the location where Java is installed, usually C:\Program Files\Java\jdk1.6.0\ on Windows and /usr/lib/jvm/java-6-sun on Ubuntu Linux. The default keystore password is: changeit
First, generate a certificate signing request (assuming you gave the alias tomcat to the generated cert).
JAVA_HOME\bin\keytool -certreq -file mycertreq.csr -alias tomcat
Next, send a request to Unix Systems to have your certificate signed by the TP certificate authority, attaching your certificate signing request file.
Unix Systems will reply with your signed certificate. The certificate file should be of the form:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxx hex data xxxxxxxxx
-----END CERTIFICATE-----
Ensure there are no extra spaces at the end of the file, otherwise you will have problems.
Import the TP root cert into your local and Java keystores. It is attached to this page here.
JAVA_HOME\bin\keytool -import -file tp_root.crt -alias tp_root
JAVA_HOME\bin\keytool -import -file tp_root.crt -keystore JAVA_HOME/jre/lib/security/cacerts -alias tp_root
When prompted whether to trust the certificate, reply yes. The dialogue should look something like this:
Owner: EMAILADDRESS=webmaster@tp.its.yale.edu, CN=Yale University ITS Technology & Planning, OU=ITS Technology & Planning, O=Yale University, L=New Haven, ST=Connecticut, C=US
Issuer: EMAILADDRESS=webmaster@tp.its.yale.edu, CN=Yale University ITS Technology & Planning, OU=ITS Technology & Planning, O=Yale University, L=New Haven, ST=Connecticut, C=US
Serial number: 0
Valid from: Mon Jul 12 15:57:06 EDT 2004 until: Thu Jul 10 15:57:06 EDT 2014
Certificate fingerprints:
MD5: 7B:02:B3:54:A0:E0:87:F1:BD:8B:EB:87:00:C8:B4:A7
SHA1: A1:15:0C:5C:EE:C5:C6:2A:AB:B6:39:D0:6A:FD:99:E6:CB:23:EF:8D
Trust this certificate? [no]: yes
Certificate was added to keystore
Import the TP-signed certificate you received from Unix Systems, using the same alias as you did in Generating a self signed certificate.
JAVA_HOME\bin\keytool -import -file mytpsignedcert.crt -alias tomcat
JAVA_HOME\bin\keytool -import -file mytpsignedcert.crt -keystore JAVA_HOME/jre/lib/security/cacerts -alias tomcat
You should see a response like this:
Certificate reply was installed in keystore
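A pre-import check for the certificate file, given here as an added example (not part of the original page): it flags trailing whitespace and stray lines around the BEGIN/END markers, and computes the SHA1 fingerprint in the colon-separated form keytool prints, so it can be compared with the value in the trust prompt before replying yes. The function name check_pem and the sample data are assumptions made for illustration; the body is treated as standard base64 PEM and the certificate contents are not parsed.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed sample: the body is base64 of b"abc", not a real certificate,
# and the END line carries two trailing spaces.
SAMPLE = BEGIN + "\nYWJj\n" + END + "  \n"


def check_pem(text):
    """Return (problems, sha1_fingerprint) for the text of a certificate file.

    The fingerprint is None when the certificate body cannot be decoded.
    """
    problems = []
    lines = text.splitlines()
    for number, line in enumerate(lines, start=1):
        if line != line.rstrip():
            problems.append("line %d: trailing whitespace" % number)
    stripped = [line.strip() for line in lines]
    if stripped.count(BEGIN) != 1 or stripped.count(END) != 1:
        problems.append("expected exactly one BEGIN/END CERTIFICATE pair")
        return problems, None
    if stripped[0] != BEGIN:
        problems.append("text or blank lines before the BEGIN line")
    if stripped[-1] != END:
        problems.append("text or blank lines after the END line")
    body = "".join(stripped[stripped.index(BEGIN) + 1:stripped.index(END)])
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        der = b""
    if not der:
        problems.append("certificate body is empty or not valid base64")
        return problems, None
    digest = hashlib.sha1(der).hexdigest().upper()
    # Same layout as the "SHA1:" line in keytool's trust prompt.
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return problems, fingerprint


if __name__ == "__main__":
    found, sha1 = check_pem(SAMPLE)
    for problem in found:
        print("PROBLEM:", problem)
    print("SHA1:", sha1)
```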