httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ravi kumar <ravindra_lu...@yahoo.co.in>
Subject Re: [users@httpd] Export CACertificate to Tomcat
Date Thu, 05 Aug 2010 15:41:43 GMT

Hi,

Confirm if u want certificate for apache or tomcat?
If it is apache then "filename.crt" file will work, but if it is for tomcat then u will 
need
"filename.keystore" is required.





Below
command is used to generate .key file in Linux using phase key



openssl
genrsa -des3 1024 > filename.key








Below
command is used to generate csr file in Linux





openssl
req -new -key /root/csr/filename.key > filename.csr
==========================================



Step 1: Generate
a keystore in pkcs12 format using the Certificate (.crt) and the Private Key
(.key) files

 

openssl pkcs12 -in
<yourfile.crt> -inkey <yourfile.key> -export -out <keystore
name> -name tomcat

 

The keystore file will be generated into the folder where
OpenSSL binary is located

 







Step 2: Once the
keystore is generated, configure the SSL factory in server.xml file to use it






Example:

 

<clientAuth="false" sslprotocol="TLS" keystoreFile="C:\Program\tomcat/keystore"
keystorePass="mypassword" truststorePass="mypassword" keystoreType="pkcs12" />




Note :- Sometimes providerroot file is required.
Ex. If i purchased my certificate from "thawte" then i will
require "thawteroot.csr" and will merge this with my "filename.csr" and install on the server.



Hope above solution works for you.


Thanks,
Ravi


--- On Thu, 5/8/10, Tina Exner <texner@picturesafe.de> wrote:

From: Tina Exner <texner@picturesafe.de>
Subject: Re: [users@httpd] Export CACertificate to Tomcat
To: users@httpd.apache.org
Date: Thursday, 5 August, 2010, 3:49 PM





  


did nobody know a solution for this problem?







  
  hi all,

  

we have a nexus multiid server for certificate authentication.

i try to pass the client smartcard certificates from apache to tomcat
server. 

the tomcat talks to the nexus and the authentication take effect.

  

when i try to export the client ca certificate to the tomcat server

 i get the following errors:

  

[Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification:
Error (20): unable to get local issuer certificate

[Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake
failed: Not accepted by client!?

  

@Firefox:

(Fehlercode: ssl_error_unknown_ca_alert)

  

  

  this is my ssl configuration:

  

  <IfModule ssl_module>

          SSLVerifyClient none

          SSLVerifyDepth 5

  

          #SSLOptions +ExportCertData +StrictRequire +StdEnvVars
+FakeBasicAuth

          SSLOptions +ExportCertData

  

          #SSLCACertificateFile conf/ssl/Certificate.cer

          

      </IfModule>

  

       <Location /nexus>

                SSLVerifyClient         require

                SSLVerifyDepth          5

  

                #SSLCACertificateFile   
/ps/apache2.2/testsystem1/conf/ssl/Certificate.crt

                #SSLOptions             +ExportCertData +StrictRequire
+StdEnvVars +FakeBasicAuth

                SSLOptions              +ExportCertData +StdEnvVars

                #SSLRequireSSL

       </Location>

  

  

my jk.conf:

  

  JkExtractSSL          On

  JkHTTPSIndicator      HTTPS

  JkSESSIONIndicator    SSL_SESSION_ID

  JkCIPHERIndicator     SSL_CIPHER

  JkCERTSIndicator      SSL_CLIENT_CERT

  JkEnvVar              SSL_CLIENT_CERT SSL_CLIENT_CERT

  JkOptions             +ForwardSSLCertChain

  

  

  i use apache 2.2.13-3 and openssl
0.9.8a.

  

  Any hints on what might have gone wrong
will
be highly useful.

  

  regards

Tin

  

  

 



Mime
View raw message