Set up Tomcat with OCSP certificates with Web Viewer 12.1

Article ID: 203382

Products

Output Management Web Viewer

Issue/Introduction

Tomcat needs to query the certificates through OCSP (Online Certificate Status Protocol).

Environment

Release : 12.1

Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Resolution

  • Use the Java keytool to generate a self-signed certificate. It is fine to generate the OCSP certificate with keytool; there is no need to download and use OpenSSL, as the Tomcat website specifies.
  • Submit to CSR
  • CSR will submit to CA
  • The CA will generate the signed certificate and return it.
  • Import certificates into the .jks file (keystore).
  • Edit the Tomcat server.xml to point to the keystore.

For example:

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:\tomcat.jks" keystorePass="WebView12"
           clientAuth="false" sslProtocol="TLS"/>
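
The keytool side of the steps above, as an added example that is not part of the original article. The alias, host name, distinguished name and the file names tomcat.csr, ca-root.cer and tomcat.cer are assumptions, and it assumes the "CSR" in the steps is the certificate signing request file that keytool writes.

```powershell
# Assumed values (not from the article): alias, host name, DN and file names.
$keystore = 'C:\tomcat.jks'      # keystore path from the article's Connector
$alias    = 'tomcat'
$fqdn     = 'webviewer.example.com'

# 1. Create the key pair; keytool wraps it in a self-signed certificate.
#    -storepass is left out so keytool prompts for the password instead of
#    it ending up in shell history.
keytool -genkeypair -alias $alias -keyalg RSA -keysize 2048 -validity 365 `
    -dname "CN=$fqdn, O=Example Corp, C=US" -ext "SAN=dns:$fqdn" `
    -keystore $keystore

# 2. Write the signing request that goes to the CA.
keytool -certreq -alias $alias -ext "SAN=dns:$fqdn" `
    -file tomcat.csr -keystore $keystore

# 3. Before importing, confirm the returned certificate names an OCSP
#    responder in its Authority Information Access extension.
$ocsp = keytool -printcert -file tomcat.cer | Select-String 'accessMethod: ocsp'
if (-not $ocsp) { Write-Warning 'tomcat.cer carries no OCSP responder URL' }

# 4. Import the CA root first (repeat for each intermediate, one alias per
#    certificate), then the signed reply under the SAME alias so it replaces
#    the self-signed certificate and stays attached to the private key.
keytool -importcert -trustcacerts -alias ca-root -file ca-root.cer -keystore $keystore
keytool -importcert -alias $alias -file tomcat.cer -keystore $keystore

# 5. The alias should now be a PrivateKeyEntry with a chain length above 1.
keytool -list -v -alias $alias -keystore $keystore |
    Select-String 'Entry type|Certificate chain length'
```

If step 5 still reports a chain length of 1, the signed reply was not matched to the key pair, and Tomcat would keep serving the self-signed certificate.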

Additional Information

Use SSLShopper and/or Certificate Decoder utilities to examine certificates.