To setup SSL with Tomcat I needed to edit the server.xml file under the conf directory and then create a keystore file that Tomcat will use to verify trusted certificates sent from the federated servers.
The initial command I ran was:
>>>> : keytool -genkey -alias amf -keyalg RSA -keystore tomcat.keystore [-file 111C353A88F.crt]
The last part of the command with the -file command line argument wasn't needed. I basically created a keystore file named tomcat.keystore and a new self-signed certificate where the Java keytool prompted me with some questions listed below:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Andrew Fernandez
What is the name of your organizational unit?
What is the name of your organization?
[Unknown]: Ping Identity
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Andrew Fernandez, OU=Engineering, O=Ping Identity, L=Denver, ST=CO, C=US correct?
Enter key password for
(RETURN if same as keystore password):
After this I verified what was in my keystore using this command:
>>>> : keytool -list -v -keystore tomcat.keystore
Since I didn't yet have the certificate from the federate side I then ran this command, making sure I had the *.crt file I needed to place in the keystore in the same directory:
>>>>> : keytool -import -trustcacerts -alias amf2 -file 111C353A88F.crt -keystore tomcat.keystore
Finally I use export the base certificate from Tomcat and import into my Federated server
>>>>> : keytool -exportcert -alias amf -file amfIDP -keystore tomcat.keystore
Where -alias is what the certificate goes by in the keystore file, -file is what I want to call the exported certifacate, and -keystore the actually keystore where I'll be getting the certifcate to export from.
Deletion is pretty straighforward:
>>>>> : keytool -delete -alias amf -keystore tomcat.keystore
Just specify -delete, -alias the certificate you want to delete, and the keystore you want to delete from