...
This realm type allows you to configure Web applications to authenticate users against it. To get to that point, you will need to first configure Geronimo to use a custom SSL port listener and to get to that point you will need to configure SSL keys and keystore. The following sections describe step-by-step how to configure each of these modules.
...
This is a PKCS10 certification request, you should copy this text and paste it into a flat txt file so it can be sent to a CA.
...
You can now click Back to return to the private key details portlet.
For this example we used a custom, home made CA so we could sign our own certificates for this test without altering the standard procedure. Assuming that you sent you CSR to a CA, the CA should respond back with another similar file containing the CA signed certificate.
...
From the private key details portlet click on Import CA reply. Remove any pre-filled text in the certificate reply window and paste the text from the CA reply file and click on Save.
...
In order to enable client authentication you will need to import the CA who signed your CSR as a trusted certificate, this process has to be only once. The CA should provide along with the signed CSR a separate certificate for the CA itself. For this example we are using our own CA so we generated the following CA certificate.
...
While in the Keystore Configuration portlet click on the keystore file you created and then click on Add Trust Certificate. Delete any pre-filled content from Trusted Certificate window and paste the content from the CA certificate and add an alias to this certificate.
...