Creating SSL-based Web Applications using NCSA Certificates
Create Host Certificate
Log onto tungsten.ncsa.uiuc.edu or public-linux.ncsa.uiuc.edu and run
/usr/local/NCSA-CA/bin/ncsa-cert-request -host HOSTNAME
where HOSTNAME is the FQDN (fully-qualified domain name) of your Apache Web Server. Follow the directions filling in the appropriate information. The host certificate and key will be stored in ~/.globus/hostcert.pem and ~/.globus/hostkey.pem respectively. For more information on NCSA certificates and policies regarding their issuance, see http://www.ncsa.uiuc.edu/UserInfo/Grid/Security/
Download NCSA CA Certificate
Convert Host Certificate to Proper Format for Use in Tomcat
With the hostcert, hostkey, and CA from the previous step. Run the following commmand:
openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem \
-out mycert.p12 -name tomcat -CAfile 4a6cd8b1.0 \
-caname root -chain
Remember the password you choose for entering into server.xml. Set keystorePass to the password you chose.