tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <oliver.wu...@zurich.ch>
Subject Antwort: Re: Antwort: RE: SSL, keystore with ca hierarchy
Date Thu, 29 Jan 2004 06:06:39 GMT




I've done this and it does work. Now I wanted to turn client authentication
on: clientAuth="true"

But it doesn't work. I've registred the ca certificates after I've imported
the openssl certificate:
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias root
-trustcacerts -file CA_Root_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias
server_ca -trustcacerts -file CA_Server_APU.pem

BTW, I'm running Tomcat 4.1.29 and JDK 1.4.1_02.

Oliver



                                                                                         
                                             
                      "Bill Barker"                                                      
                                             
                      <wbarker@wilshire        An:       tomcat-user@jakarta.apache.org
                                               
                      .com>                    Kopie:                                 
                                                
                      Gesendet von:            Thema:    Re: Antwort: RE: SSL, keystore with
ca hierarchy                              
                      news                                                               
                                             
                      <news@sea.gmane.o                                               
                                                
                      rg>                                                             
                                                
                                                                                         
                                             
                                                                                         
                                             
                      26.01.2004 00:53                                                   
                                             
                      Bitte antworten                                                    
                                             
                      an "Tomcat Users                                                   
                                             
                      List"                                                              
                                             
                                                                                         
                                             
                                                                                         
                                             




<broken-record>
There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your
OpenSSL certs into a JKS keystore.  Alternatively, the ssl_howto for TC 5.x
contains an example of how to configure a PKCS12 keystore from an OpenSSL
keystore.
</broken-record>

"Mark Thomas" <markt@apache.org> wrote in message
news:E1Akp5n-0003VQ-00@deer.gmane.org...
> > I can't do step 1 and 2 because the certificate and private
> > key has been
> > created already with openssl.
> > The file TestServer_APU.pem contains the private key and
> > certificate in the
> > PEM format.
> > Should that work either?
>
> Sorry, no idea. You may need to convert formats. A quick Google found
> https://lists.freeswan.org/archives/users/2003-August/msg00040.html that
may
> help if a format conversion is required.
>
> > Does the cacerts has to be located in
> > %JAVA_HOME%\jre\lib\security\cacerts
> > or can I place it anywhere else?
>
> See http://java.sun.com/products/jsse/install.html for how to configure
trust
> store locations.
>
> Mark




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org









******************* BITTE BEACHTEN *******************
Diese Nachricht (wie auch allfällige Anhänge dazu) beinhaltet
möglicherweise vertrauliche oder gesetzlich geschützte Daten oder
Informationen. Zum Empfang derselben ist (sind) ausschliesslich die
genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht
irrtümlicherweise erreicht hat, sind Sie höflich gebeten, diese unter
Ausschluss jeder Reproduktion zu zerstören und die absendende Person
umgehend zu benachrichtigen. Vielen Dank für Ihre Hilfe.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message