tomcat-users mailing list archives

From "Sonny Sukumar" <ahimsad...@hotmail.com>
Subject Re: [HELP!] Which key alias names to use for SSL?
Date Sat, 11 Oct 2003 22:43:30 GMT

Update: I did a "keytool -list" with the "-rfc" options and discovered that 
all the certs *are* in fact there, but just that public/private key were 
bundled together under the same alias.  The way it lists the certs by 
default is what confused me.

HOWEVER, I uploaded the keystore to our server, set up server.xml, and 
restarted Tomcat, but every single secure connection I attempt just times 
out.  I don't understand why this happens.

Here's my server.xml SSL connector:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true"
               compression="on">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" keystorePass="changeit"
               keystoreFile="conf/.keystore"/>
    </Connector>

Btw, does anybody know how to secure the server.xml file?  It contains some 
clear text passwords, so this really concerns me! (Yes, I know "changeit" is 
the default password even without specifying it here).

Also, I don't currently have any <security-constraint>s set in my web.xml.

Thanks for any insights!

Sonny

>From: "Sonny Sukumar" <ahimsadesi@hotmail.com>
>Reply-To: ssukumar@ecologyfund.net
>To: tomcat-user@jakarta.apache.org
>Subject: Re: [HELP!] Which key alias names to use for SSL?
>Date: Sat, 11 Oct 2003 14:12:17 -0700
>
>
>Hi Adam,
>
>Your first step was:
>># keytool -genkey -alias tomcat -keyalg RSA
>
>and your last step was:
>># keytool -import trustcacerts -file public.crt -alias tomcat
>
>So you used the same alias ("tomcat") for both the private key and the 
>signed public key.  This is what doesn't work for me, because when I import 
>the signed public key using the same ("tomcat") alias, my private key gets 
>overwritten.  I've verified this using "keytool list -keystore ./.keystore"
>
>I also have the root cert from GeoTrust in there with alias "root".  The 
>root cert is actually an Equifax cert valid from 1998 to 2018, but the 
>GeoTrust tech support rep told me to use that one.  Could this be the 
>problem?
>
>Other ideas?
>
>Thanks,
>
>Sonny
>
>>From: Adam Hardy <ahardy.struts@cyberspaceroad.com>
>
>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>
>>>[I sent this once before, but got no response, and I'm not sure what to 
>>>do.  Thanks in advance.]
>>>
>>>Hi guys,
>>>
>>>I'm trying to setup my Tomcat (4.1.27) server to work with SSL.  I got a 
>>>CA-signed cert to go with my private key and CA root cert, but I'm 
>>>confused as to how to name the alias for the CA-signed-cert and my 
>>>private key.
>>>
>>>The Tomcat SSL How-To is confusing me, because it says to give the 
>>>"tomcat" alias to both the private key and the CA-signed key.  I tried it 
>>>and it overwrote my private key (luckily I made a backup of my keystore).
>>>
>>>I'm looking at this documentation:
>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>>
>>>It also doesn't seem possible to configure the alias names in server.xml. 
>>>  So what alias names should I use? :-)
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
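The alias behaviour described in the update at the top of this message, as an added example that is not part of the original thread: importing the CA's certificate reply under the same alias as the private key leaves one key entry whose certificate chain grows from 1 to 2. It uses current JDK keytool flags (-genkeypair, -gencert, -importcert), and the stand-in CA, temp keystore names and password are assumptions made for the demo.

```shell
#!/bin/sh
# Added demo, constructed values throughout: throwaway keystores in a temp
# directory, a local stand-in CA, and a demo-only password.
kt() { keytool -J-Duser.language=en "$@" </dev/null; }

# Print "<entry type> <chain length>" for one alias in a keystore.
entry_summary() {   # $1 keystore, $2 alias, $3 store password
    kt -list -v -keystore "$1" -alias "$2" -storepass "$3" |
        awk -F': ' '/^Entry type/ {t=$2}
                    /^Certificate chain length/ {n=$2}
                    END {print t, n}'
}

demo_alias_chain() {
    d=$(mktemp -d) || return 1
    pw=demo-only-pass; ca="$d/ca.keystore"; ks="$d/server.keystore"
    {
        # Stand-in CA key pair and its exported root certificate.
        kt -genkeypair -alias root -keyalg RSA -keysize 2048 -validity 30 \
           -dname "CN=Demo Root CA" -ext bc=ca:true \
           -keystore "$ca" -storepass "$pw" -keypass "$pw" &&
        kt -exportcert -alias root -rfc -file "$d/root.crt" \
           -keystore "$ca" -storepass "$pw" &&
        # Server key pair under alias "tomcat" (self-signed for now) and its CSR.
        kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
           -dname "CN=localhost" \
           -keystore "$ks" -storepass "$pw" -keypass "$pw" &&
        kt -certreq -alias tomcat -file "$d/server.csr" \
           -keystore "$ks" -storepass "$pw" &&
        # The stand-in CA signs the CSR; server.crt is the certificate reply.
        kt -gencert -alias root -infile "$d/server.csr" -rfc \
           -outfile "$d/server.crt" -keystore "$ca" -storepass "$pw" &&
        # The root goes in under its own alias so the reply can chain to it.
        kt -importcert -noprompt -trustcacerts -alias root \
           -file "$d/root.crt" -keystore "$ks" -storepass "$pw"
    } >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
    entry_summary "$ks" tomcat "$pw"    # before the reply is imported
    # Import the reply under the SAME alias as the private key.
    kt -importcert -noprompt -alias tomcat -file "$d/server.crt" \
       -keystore "$ks" -storepass "$pw" >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
    entry_summary "$ks" tomcat "$pw"    # after the reply is imported
    rm -rf "$d"
}

if command -v keytool >/dev/null 2>&1; then demo_alias_chain
else echo "keytool not found; install a JDK to run the demo" >&2; fi
```

The entry type stays a private-key entry across the import; only the chain length changes, which is the check to run on a real keystore before pointing a connector at it.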
