tomcat-users mailing list archives

From "Robert J. Sanford, Jr." <rsanf...@trefs.com>
Subject RE: Installing IIS Certificates in Tomcat?
Date Sat, 09 Aug 2003 15:01:35 GMT
That's great advice but it doesn't answer my basic question of whether or
not I can import a certificate that was issued based on a request generated
by IIS.

rjsjr

> My experience was that using IIS with Tomcat was very slow,
> and it is a pain in the neck to tackle the ISAPI
> connector and the rest. It is better to either have
> Apache or directly use Tomcat servers.
>
> -----Original Message-----
> From: Robert J. Sanford, Jr. [mailto:rsanford@trefs.com]
> Sent: Friday, August 08, 2003 6:11 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Installing IIS Certificates in Tomcat?
>
>
> > I'm running Tomcat inside of jboss-3.2.1_tomcat-4.1.24
> > but I think the issue will be the same independent of
> > that. The platform is Win2K SP3. The plan is to use
> > Tomcat's HTTP server instead of IIS with the AJP ISAPI
> > connector. Since all requests are being handled by
> > servlets with no static content why even get IIS
> > involved? Anyway...
>
> > I attempted to take an existing certificate whose
> > request was generated by IIS and import it into a
> > keystore and use that as the basis for my SSL
> > crypto. When I attempted to connect via IE the
> > connection failed (a site not found error) and the
> > exception tree at the bottom of this message was
> > generated. I spent a lot of time reading the JBoss
> > SSL docs, reading the Tomcat SSL docs, searching
> > the Tomcat and JBoss archives, playing with my
> > configuration, trying to figure out what ciphers
> > were installed, making sure that the CA certificate
> > (for testing we use an internal CA) was imported
> > into the keystore, etc., etc., etc. None of it
> > worked. Everything resulted in the exception chain
> > below or something similar.
>
> > Finally I just decided to go through the instructions
> > for generating a new local key, a new certificate
> > request, get the certificate from my internal
> > certificate authority and import everything into a
> > new keystore. It worked with a minor warning saying
> > that the machine name on the certificate did not
> > match the actual machine name. I'm not sure how to
> > resolve that immediately but I don't see that as a
> > major issue right now since this is only for testing
> > purposes.
>
> > My big questions are:
> > 1) Is there any way that I can import an
> >    existing certificate that was generated
> >    based on a request originated in IIS
> >    into my keystore and have that be
> >    accepted by Tomcat?
> > 2) Or, do I have to go to my IT manager
> >    and tell him that he needs to go to
> >    Verisign and get additional
> >    certificates for IP addresses that
> >    we already have certificates for?
> > 3) Or, should I just use IIS and the
> >    existing certificates to front Tomcat?
> >
> > Many thanks for the assist!
> >
> > rjsjr
> >
> > 2003-08-07 14:22:55,919 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
> > javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
> > at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
> > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
> > at java.lang.Thread.run(Thread.java:536)
> >
> > 2003-08-07 14:22:55,939 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
> > javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
> > at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
> > at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
> > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
> > at java.lang.Thread.run(Thread.java:536)
> >

