tomcat-users mailing list archives

From Monte.Gard...@asu.edu
Subject Re: SSL Servlet Client
Date Tue, 22 Oct 2002 19:48:00 GMT
OK, I think I've got to where I understand the problem more clearly 
than I did yesterday. Here it is.  When I followed the Tomcat SSL how-to
and typed
keytool -genkey -alias tomcat -keyalg RSA
it created a keystore file called /root/.keystore in which a key aliased
by 'tomcat' was stored.  This key is what tomcat uses to present a certificate
to any client that requests an SSL session.  

Now what I want to do is create a Java Client that will connect to Tomcat
via SSL and communicate with one of its servlets.  When Tomcat receives
the request, it sends its 'tomcat' certificate.  However, when the Java
client receives that certificate, it looks in a list of certificates found
in 
$JAVA_HOME/jre/lib/security/cacerts
and doesn't find a certificate that matches the one it receives, so it 
throws an exception: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

So, what I need to do is put a copy of the Tomcat certificate in the cacerts
file.  So I tried using a combination of keytool -import / -export to copy
the certificate over.  It seemed like I was successful in doing so, but
when I rebooted tomcat and ran the webpage again, I got the same
exception.  Have I misunderstood the problem or the key management 
process somehow?

Here is the console output from when I tried to copy the certificate:

[root@rho /root]# keytool -export -alias tomcat -file cert.cer -keystore .keystore
Enter keystore password:  changeit
Certificate stored in file <cert.cer>
[root@rho /root]# keytool -import -alias tomcat -file cert.cer -keystore $DOCUTRAK/tomcat
Enter keystore password:  changeit
Owner: CN=rho.abstrax.nan, OU=Abstrax, O=Abstrax, L=Mesz, ST=AZ, C=US
Issuer: CN=rho.abstrax.nan, OU=Abstrax, O=Abstrax, L=Mesz, ST=AZ, C=US
Serial number: 3db5698b
Valid from: Tue Oct 22 08:06:51 MST 2002 until: Mon Jan 20 08:06:51 MST 2003
Certificate fingerprints:
         MD5:  84:A4:4B:0D:F9:AE:2B:D2:4D:DD:84:0C:8F:D7:DD:EC
         SHA1: 67:AF:81:96:98:3F:0B:B3:84:BF:73:62:2A:45:05:C5:19:9C:F8:F1
Trust this certificate? [no]:  y
Certificate was added to keystore

