tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Help please: Tomcat 4.1.24 enable SSL
Date Thu, 24 Apr 2003 05:44:13 GMT
I'm assuming that you have done the obvious, and set the keystoreType
attribute on the Factory.

I've had problems with JSSE1.1.x (the JDK1.4 version) with reading a pkcs12
keystore that was generated by OpenSSL to include certificate chain.  I
guess that you have to complain to Sun (or other JDK vendor about this :).
Using a pkcs12 keystore works fine when it just has the server-cert, and
I've imported the signer into the cacerts.

"Balakrishna Kudaravalli" <bkudarav@cisco.com> wrote in message
news:4.3.2.7.2.20030423145346.04387a88@wells.cisco.com...
> Hi All,
>
> Update to my earlier mail:
>
> I am able to access https:// with the default generated certs. However,
> After I had imported the server cert (given by my internal IT folks) into
a
> keystore and specified the keystoreFile & keystorePass attribute in
> server.xml Tomcat startsup but https:// does not work and there is no
> exception logged (http:// works fine though).
>
> Wondering if any one of you had got this problem. Any info, would be very
> helpful.
>
> Thank you.
> -Bala
>
>
>
> Hi All,
>
> Issue: Enabling SSL for Tomcat 4.1.24
>
> 1. I have created a cert using keytool -genkey -alias tomcat -keyalg
> RSA  and have given a password "changeit" (default)
> 2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. Since the
> Keystore is at a deafault loc, I have not given a keystoreFile attribute
> 3. On starting up Tomcat, HTTPS works fine
>
> Issue:
> 4. Now, I need to replace the default cert with the certs provided by our
> internal folks. How do I do that ? the certs provided to me are in pkcs 12
> format:
>
> 5. Should I convert the pkcs12 certs into x509 ?
>
> 6. What certs should I import into the keystore (server, client, ca) ?
>
> Your help would be greatly appreciated.
>
> Thank you,
> -Bala




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message