tomcat-users mailing list archives

From GOMEZ Henri <hgo...@slib.fr>
Subject RE: SSL handshake failure URGENT
Date Fri, 15 Jun 2001 08:16:51 GMT
>First, thanks for taking the time to help me :)
>But I fear I didn't understand the answer :(
>Where must I enter the same name as what?
>
>Example: I am under Linux, the hostname is "thehostname".
>Is that what you call the server name, or is it a name that you 
>enter in the server.xml file (if yes, with which tag?)

If your server is thehostname, you respond with that when 
openssl asks for the COMMON NAME in SERVER CERT GENERATION:

>> > # SERVER
>> > openssl req -new -out sr_req.pem -keyout sr_key.pem
>> > #pwd:pwd_sr
>> > #ch_pwd:ch_sr
>> > #company name:THE_ORG 


>And where must I enter the same name as the servername?
>Which field of which openSSL command?
>
>Thanks for your answer !
>
>                 JEG
>
>> > # CA
>> > openssl req -new -out ca_req.pem -keyout ca_key.pem
>> > #pwd:pwd_ca
>> > #challenge_pwd:ch_ca
>> > #company name:THE_ORG
>> >
>> > # CLIENT
>> > openssl req -new -out cl_req.pem -keyout cl_key.pem
>> > #pwd:pwd_cl
>> > #ch_pwd:ch_cl
>> > #company name:THE_ORG 
>> > # SERVER
>> > openssl req -new -out sr_req.pem -keyout sr_key.pem
>> > #pwd:pwd_sr
>> > #ch_pwd:ch_sr
>> > #company name:THE_ORG 
>> > # CA AUTH 
>> > echo "CA AUTH : enter CA password"
>> > openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
>> > #pwd:pwd_ca
>> > rm ./demoCA/index.txt
>> > rm ./demoCA/serial
>> > # create an empty index and a serial file containing 01
>> > : > ./demoCA/index.txt
>> > echo "01" > ./demoCA/serial
>> >
>> > # CLIENT AUTH BY CA 
>> > echo "CL AUTH : enter CA password"
>> > openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
>> > #pwd:pwd_ca
>> >
>> > # SERVER AUTH BY CA 
>> > echo "SR AUTH : enter CA password"
>> > openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
>> > #pwd:pwd_ca
>> >
>> > # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
>> > openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der
>> >
>> > # REMOVE PREVIOUS KEYSTORE
>> > rm /opt/tomcat-3-2-2/tomcat/conf/keystore
>> >
>> > # IMPORT SERVER CERT IN TOMCAT KEYSTORE
>> > echo "IMPORT SR CERT : enter SR password"
>> > /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias tomcat -file sr_cert.der -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore
>> > #pwd:pwd_sr
>> >
>> > # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
>> > echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
>> > openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12
>> > #pwd:pwd_cl
>> > #exp_pwd:pwd_cl
>> >
>> > # CONNECTION TO THE TOMCAT SERVER
>> > openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state
>

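The advice in the reply, as an added example that is not part of the original messages: the SERVER request is created non-interactively with the Common Name set to the hostname, signed by a throwaway CA, and the CN of the issued certificate is then compared with the name a client connects to. The key size, validity period, unencrypted keys, temporary directory and the helper function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: non-interactive form of the SERVER request from the thread.
# Assumptions: RSA 2048, 1-day validity, no passphrases (-nodes), temp dir.

# Create a key and a CSR whose Common Name is the server's hostname.
make_server_csr() {  # $1=hostname  $2=output dir
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=THE_ORG/CN=$1" \
        -keyout "$2/sr_key.pem" -out "$2/sr_req.pem" 2>/dev/null
}

# Create a throwaway self-signed CA and sign the server request with it.
sign_with_test_ca() {  # $1=dir holding sr_req.pem
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=THE_ORG/CN=Test CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/sr_req.pem" -days 1 \
        -CA "$1/ca_cert.pem" -CAkey "$1/ca_key.pem" -CAcreateserial \
        -out "$1/sr_cert.pem" 2>/dev/null
}

# Print the Common Name stored in a certificate's subject.
cert_cn() {  # $1=certificate file
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the certificate's CN equals the name clients connect to.
cn_matches_host() {  # $1=certificate file  $2=name used by the client
    [ "$(cert_cn "$1")" = "$2" ]
}

# Run the whole flow once for the hostname used in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    make_server_csr thehostname "$dir" && sign_with_test_ca "$dir" || return 1
    echo "CN in sr_cert.pem: $(cert_cn "$dir/sr_cert.pem")"
    # A client that connects by IP address sees a name that is not the CN.
    cn_matches_host "$dir/sr_cert.pem" 127.0.0.1 || echo "127.0.0.1 does not match the CN"
    rm -rf "$dir"
}
demo
```

Current TLS clients match the hostname against the certificate's subjectAltName entries rather than the CN, so a certificate issued today needs the hostname there as well.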