tomcat-users mailing list archives

From "jeg_ml@voila.fr"<jeg...@voila.fr>
Subject SSL handshake failure
Date Thu, 14 Jun 2001 12:07:14 GMT
Hello,
 I have a certificate import problem.

 here is the output of an openSSL command (openssl s_client -connect 127.0.0.1:8443 -cert
cl_cert.pem -key cl_key.pem -state) :

 Enter PEM pass phrase:
 CONNECTED(00000003)
 SSL_connect:before/connect initialization
 SSL_connect:SSLv2/v3 write client hello A
 SSL3 alert read:fatal:handshake failure
 SSL_connect:error in SSLv2/v3 read server hello A
 1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:

 Can someone help me?
 Is there a way to make this work without installing Apache?
 Thanks for your answer




 I have this tomcat configuration :


 <Connector className="org.apache.tomcat.service.PoolTcpConnector">
 <Parameter name="handler"
 value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
 <Parameter name="port"
 value="8443"/>
 <Parameter name="socketFactory"
 value="org.apache.tomcat.net.SSLSocketFactory" />
 <Parameter name="keystore"
 value="/opt/tomcat-3-2-2/tomcat/conf/keystore" />
 <Parameter name="keypass"
 value="pwd_sr" />
 <Parameter name="clientAuth"
 value="true" />
 </Connector>


 And here is the complete procedure I ran to set it up:

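 # Builds a self-signed test CA, a CA-signed client certificate and a
 # CA-signed server certificate, then loads the server certificate into the
 # Tomcat 3.2 keystore used by the PoolTcpConnector with clientAuth="true".
 # Every openssl/keytool step prompts for a pass phrase on the terminal; the
 # answers the original author typed are recorded in comments as example
 # values only (real pass phrases should not be kept in a script).
 # Assumes the stock /usr/local/ssl/openssl.cnf, whose [ CA_default ]
 # section sets dir = ./demoCA.
 set -eu

 readonly keystore=/opt/tomcat-3-2-2/tomcat/conf/keystore
 readonly ssl_cnf=/usr/local/ssl/openssl.cnf
 readonly keytool=/usr/java/jdk1.3/bin/keytool

 # openssl ca needs an *empty* index.txt (a file holding one blank line
 # makes it fail with "wrong number of fields"), a serial file, and the
 # newcerts directory the stock config copies each issued certificate into.
 # The original `cat "" > ...` re-creation step was a no-op (cat has no
 # such file); the files are created once here instead.
 mkdir -p ./demoCA/newcerts
 : > ./demoCA/index.txt
 echo "01" > ./demoCA/serial

 # CA request and key
 openssl req -new -out ca_req.pem -keyout ca_key.pem
 # prompt answers: pass phrase pwd_ca, challenge password ch_ca, company name THE_ORG

 # CLIENT request and key
 openssl req -new -out cl_req.pem -keyout cl_key.pem
 # prompt answers: pass phrase pwd_cl, challenge password ch_cl, company name THE_ORG

 # SERVER request and key
 openssl req -new -out sr_req.pem -keyout sr_key.pem
 # prompt answers: pass phrase pwd_sr, challenge password ch_sr, company name THE_ORG

 # CA: self-sign the CA request
 echo "CA AUTH : enter CA password"
 openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
 # prompt answer: pwd_ca

 # CLIENT cert signed by the CA
 echo "CL AUTH : enter CA password"
 openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem \
   -keyfile ca_key.pem -config "$ssl_cnf"
 # prompt answer: pwd_ca

 # SERVER cert signed by the CA
 echo "SR AUTH : enter CA password"
 openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem \
   -keyfile ca_key.pem -config "$ssl_cnf"
 # prompt answer: pwd_ca

 # CONVERT SERVER CERT FROM PEM TO DER (keytool input)
 openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der

 # REMOVE PREVIOUS KEYSTORE (-f: absent on a fresh install)
 rm -f -- "$keystore"

 # IMPORT SERVER CERT IN TOMCAT KEYSTORE
 # NOTE(review): `keytool -import` of a bare certificate creates a
 # trusted-certificate entry only; the server's private key (sr_key.pem)
 # never enters the keystore, so the connector has no key with which to
 # complete the TLS handshake. That is the most likely cause of the
 # "handshake failure" alert seen from s_client -- confirm by listing the
 # keystore and checking the entry type under alias "tomcat".
 echo "IMPORT SR CERT : enter SR password"
 "$keytool" -import -v -trustcacerts -alias tomcat -file sr_cert.der \
   -keystore "$keystore"
 # prompt answer: pwd_sr

 # CONVERT CLIENT CERT + KEY INTO PKCS12 FORMAT (for a browser)
 echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
 openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12
 # prompt answers: key pass phrase pwd_cl, export password pwd_cl

 # CONNECTION TO THE TOMCAT SERVER
 # -CAfile lets s_client verify the server certificate against the test CA
 # instead of reporting an unknown issuer.
 openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem \
   -CAfile ca_cert.pem -state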

__________________________________________________
Voila vous propose une boite aux lettres gratuite sur Voila Mail:
http://mail.voila.fr



