tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <>
Subject Antwort: Re: Antwort: RE: SSL, keystore with ca hierarchy
Date Thu, 29 Jan 2004 06:06:39 GMT

I've done this and it does work. Now I wanted to turn client authentication
on: clientAuth="true"

But it doesn't work. I've registred the ca certificates after I've imported
the openssl certificate:
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias root
-trustcacerts -file CA_Root_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias
server_ca -trustcacerts -file CA_Server_APU.pem

BTW, I'm running Tomcat 4.1.29 and JDK 1.4.1_02.


                      "Bill Barker"                                                      
                      <wbarker@wilshire        An:
                      .com>                    Kopie:                                 
                      Gesendet von:            Thema:    Re: Antwort: RE: SSL, keystore with
ca hierarchy                              
                      26.01.2004 00:53                                                   
                      Bitte antworten                                                    
                      an "Tomcat Users                                                   

There is a utility at to import your
OpenSSL certs into a JKS keystore.  Alternatively, the ssl_howto for TC 5.x
contains an example of how to configure a PKCS12 keystore from an OpenSSL

"Mark Thomas" <> wrote in message
> > I can't do step 1 and 2 because the certificate and private
> > key has been
> > created already with openssl.
> > The file TestServer_APU.pem contains the private key and
> > certificate in the
> > PEM format.
> > Should that work either?
> Sorry, no idea. You may need to convert formats. A quick Google found
> that
> help if a format conversion is required.
> > Does the cacerts has to be located in
> > %JAVA_HOME%\jre\lib\security\cacerts
> > or can I place it anywhere else?
> See for how to configure
> store locations.
> Mark

To unsubscribe, e-mail:
For additional commands, e-mail:

******************* BITTE BEACHTEN *******************
Diese Nachricht (wie auch allfällige Anhänge dazu) beinhaltet
möglicherweise vertrauliche oder gesetzlich geschützte Daten oder
Informationen. Zum Empfang derselben ist (sind) ausschliesslich die
genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht
irrtümlicherweise erreicht hat, sind Sie höflich gebeten, diese unter
Ausschluss jeder Reproduktion zu zerstören und die absendende Person
umgehend zu benachrichtigen. Vielen Dank für Ihre Hilfe.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message