...
- Create a certificate
- Get the certificate certificates signed by a Trusted 3rd Party (in theory this is optional, though most browser/Java-based clients will not connect to a self-signed certificate)Configure the tomcat server (via the "infinite.configuration.properties" file) to support SSL
- Drop the required certificate certificates into the tomcat home directory ("/usr/tomcat6/share"appropriate apache directories (see below)
- For EC2 installs using a load-balancer, upload the certificate to EC2.
...
There is nothing Infinit.e-specific about certificate creation. The systems administrator should consult other help sources for certificate creation.
The official tomcat6 documentation is here.
This web-page provides a good overview of certificate creation in practice (and also discusses getting it signed by a 3rd party, see the next section).
...
The chosen Trusted Authority will likely have instructions on their website, as an example, here is GoDaddy's (which we successfully followed for *.ikanow.com).
Integration with Infinit.e Enterprise
TODO link to apache specific documentation
The first thing the systems administrator will need to do is copy their certificate, private key, and certificate authority certificate into a location that is not accessible to apache. In Redhat, CentOS, this location is in /etc/pki/tls/*. In the example below, ca.crt is the certificate, ca.key is the private key, and ca_bundle.crt is the certificate authority certificate.
...