tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carl Yau <c...@technoworks.net>
Subject Re: SSL - keytool import problem -more
Date Wed, 06 Jun 2001 15:42:12 GMT

I think it's a bug pending for fix as i have seen the problem being 
posted repeatedly for months and no one has concrete solution, at 
least, not found in this mailing list.

Carl

mlecza@amsnet.com wrote:
> 
> I also noticed that when Tomcat is starting I see the following line when
> using the -genkey key:
> 
> found key for : tomcat
> 
> When Starting Toncat using the imported key this line does not appear.
> 
> Regards
> 
> 
>                     mlecza@amsnet
>                     .com                 To:     tomcat-user@jakarta.apache.org
>                                          cc:
>                     06/06/2001           Subject:     SSL - keytool import problem
>                     07:30 AM
>                     Please
>                     respond to
>                     tomcat-user
> 
> 
> 
> Playing around with Tomcat/SSL (no apache) and am having a problem hitting
> a secure page if the certificate was imported.  At first I thought it was a
> problem with the Verisign test certificate but if I create a ket with
> -genkey (which works fine), export it, then import it I have a problem
> hitting the secure page.
> 
> Here is the series of events to duplicate:
> 
> - Create the key: keytool -genkey -alias tomcat -keyalg RSA
> - Start Tomcat and test SSL by hitting https://locathost:8443 (page loads
> fine)
> 
> - Export the generated key: keytool -export -v -file export.cert -alias
> tomcat
> - Delete the existing key: keytool -delete -alias tomcat
> - Import the key: keytool -import -v -trustcacerts -file export.cert -alias
> tomcat
> - Restart Tomcat
> - Test hitting same SSL page:  Page does't come up.  With debugs turned on
> I see the followingin handshake error in the console:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> [EmbeddedTomcat] Thread-29, READ:  SSL v3.0 Handshake, length = 85
> [EmbeddedTomcat] *** ClientHello, v3.0
> RandomCookie:  GMT: 893495682 bytes = { 102, 116, 141, 221, 165, 181, 15,
> 239, 0
> , 124, 42, 42, 154, 126, 160, 241, 45, 203, 148, 236, 162, 155, 198, 169,
> 9, 194
> , 82, 45[EmbeddedTomcat]  }
> Session ID:  [EmbeddedTomcat] {59, 30, 11, 188, 5, 132, 214, 51, 19, 148,
> 194, 1
> 81, 128, 47, 236, 94, 112, 99, 131, 88, 222, 2, 98, 172, 83, 12, 246, 170,
> 60, 1
> 18, 167, 10}
> Cipher Suites:  { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99[EmbeddedTomcat]  }
> Compression Methods:  { 0[EmbeddedTomcat]  }
> [EmbeddedTomcat] ***
> [EmbeddedTomcat] [read] MD5 and SHA1 hashes:  len = 85
> 0000: 01 00 00 51 03 00 35 42   AA 82 66 74 8D DD A5 B5  ...Q..5B..ft....
> 0010: 0F EF 00 7C 2A 2A 9A 7E   A0 F1 2D CB 94 EC A2 9B  ....**....-.....
> 0020: C6 A9 09 C2 52 2D 20 3B   1E 0B BC 05 84 D6 33 13  ....R- ;......3.
> 0030: 94 C2 B5 80 2F EC 5E 70   63 83 58 DE 02 62 AC 53  ..../.^pc.X..b.S
> 0040: 0C F6 AA 3C 76 A7 0A 00   0A 00 64 00 62 00 03 00  ...<v.....d.b...
> 0050: 06 00 63 01 00                                     ..c..
> [EmbeddedTomcat] %% Created:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> Thread-29, SEND SSL v3.0 ALERT:  fatal, [EmbeddedTomcat] description =
> handshake
> _failure
> [EmbeddedTomcat] Thread-29, WRITE:  SSL v3.0 Alert, length = 2
> 2001-06-06 07:15:39 - Ctx(  ): 400 R( /) null
> 2001-06-06 07:15:39 - Ctx(  ): IOException in: R( /) Socket closed
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Am I missing something with the import?  If I delete and run -genkey again
> it works OK again.  Just cannot get the import working.  Same result when
> importing a Versign test certificate.
> Has anyone been able to import a certificate and get it to work?
> 
> Any help/suggestions much appreciated.
> 
> Regards

Mime
View raw message