tomcat-users mailing list archives

From "Sonny Sukumar" <>
Subject Re: [HELP!] Which key alias names to use for SSL?
Date Sat, 11 Oct 2003 22:43:30 GMT

Update: I did a "keytool -list" with the "-rfc" options and discovered that 
all the certs *are* in fact there, but just that public/private key were 
bundled together under the same alias.  The way it lists the certs by 
default is what confused me.

HOWEVER, I uploaded the keystore to our server, set up server.xml, and 
restarted Tomcat, but every single secure connection I attempt just times 
out.  I don't understand why this happens.

Here's my server.xml SSL connector:

   <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
           acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true"
               clientAuth="false" protocol="TLS" keystorePass="changeit"

Btw, does anybody know how to secure the server.xml file?  It contains some 
clear text passwords, so this really concerns me! (Yes, I know "changeit" is 
the default password even without specifying it here).

Also, I don't currently have any <security-constraint>s set in my web.xml.

Thanks for any insights!


>From: "Sonny Sukumar" <>
>Subject: Re: [HELP!] Which key alias names to use for SSL?
>Date: Sat, 11 Oct 2003 14:12:17 -0700
>Hi Adam,
>Your first step was:
>># keytool -genkey -alias tomcat -keyalg RSA
>and your last step was:
>># keytool -import -trustcacerts -file public.crt -alias tomcat
>So you used the same alias ("tomcat") for both the private key and the 
>signed public key.  This is what doesn't work for me, because when I import 
>the signed public key using the same ("tomcat") alias, my private key gets 
>overwritten.  I've verified this using "keytool -list -keystore ./.keystore".
>I also have the root cert from GeoTrust in there with alias "root".  The 
>root cert is actually an Equifax cert valid from 1998 to 2018, but the 
>GeoTrust tech support rep told me to use that one.  Could this be the 
>Other ideas?
>>From: Adam Hardy <>
>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>[I sent this once before, but got no response, and I'm not sure what to 
>>>do.  Thanks in advance.]
>>>Hi guys,
>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL.  I got a 
>>>CA-signed cert to go with my private key and CA root cert, but I'm 
>>>confused as to how to name the alias for the CA-signed-cert and my 
>>>private key.
>>>The Tomcat SSL How-To is confusing me, because it says to give the 
>>>"tomcat" alias to both the private key and the CA-signed key.  I tried it 
>>>and it overwrote my private key (luckily I made a backup of my keystore).
>>>I'm looking at this documentation:
>>>It also doesn't seem possible to configure the alias names in server.xml. 
>>>  So what alias names should I use? :-)
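Added example, not part of the original message or of the Tomcat documentation: a shell check that reads the default "keytool -list" summary and reports whether an alias is still a private-key entry after the signed certificate was imported under the same alias, plus a check that server.xml (which holds keystorePass in clear text) is readable by its owner only. The function names and the sample listing are constructed for illustration; older JDKs print "keyEntry" and newer ones "PrivateKeyEntry".

```shell
#!/bin/sh
# Constructed sample of `keytool -list` output (fingerprints are made up).
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Oct 11, 2003, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat, Oct 11, 2003, keyEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'

# entry_type ALIAS < listing
# Summary lines look like "<alias>, <date>, <entry type>,"; print the type.
entry_type() {
    awk -F', ' -v a="$1" '
        { sub(/,[ \t]*$/, "") }              # drop the trailing comma
        $1 == a && NF >= 3 { print $NF; exit }'
}

# has_private_key ALIAS < listing
# Succeeds only if the alias still holds a private key (and its cert chain),
# i.e. the CA reply was attached to the key rather than replacing it.
has_private_key() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# is_owner_only FILE
# Succeeds when group and other have no permission bits on FILE.
is_owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Demo on the constructed listing. Against a real keystore, pipe in
#   keytool -list -keystore ./.keystore
if printf '%s\n' "$SAMPLE_LISTING" | has_private_key tomcat; then
    echo "tomcat: private key entry present"
else
    echo "tomcat: no private key entry, restore the keystore backup"
fi
```

For the configuration file, `chmod 600` on server.xml by the account that runs Tomcat makes `is_owner_only` succeed.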