tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rommel Sharma" <romm...@mahindrabt.com>
Subject Re: Using HTTPS with keystore and trust store files
Date Mon, 26 Jan 2004 13:47:16 GMT
What I can say is this:
1. In keystoreFile attribute provide the complete path
(C:\MyCertFolder\mykeystore.ks)
    Same for truststore.

2. Where do I specify the file that store the client's certificate?
In your client code that makes a call to the https specify the location of
the keystore and in the server side code that you will will write, get the
message context
(someting like:
  MessageContext context = MessageContext.getCurrentContext();
  ...
  HttpServletRequest req = (HttpServletRequest)context .getProperty
(HTTPConstants.MC_HTTP_SERVLETREQUEST);

 // and the code to match the client certificate with the client keystore on
the server
// so you specify its location on the server having the same client
keystore...
)

Hope this helps,
Regards,
Rommel.

----- Original Message -----
From: "Alex Chen" <achen@packetmotion.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Wednesday, February 25, 2004 11:30 PM
Subject: Using HTTPS with keystore and trust store files

> Hi,
>   I am trying to set up Tomcat for HTTPS connection with keystore and
> truststore files.  I want to use Tomcat as the
> web server so the port number is 80 and 443 for HTTP and HTTPS,
> respectively. I am running Tomcat on Windows XP.
>
> Here is the 'Connector' entry in %CATALINA_HOME%\conf\server.xml.
>    <Connector port="443"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" debug="0" scheme="https" secure="true"
>                clientAuth="true" sslProtocol="TLS"
>                keystoreFile="server.ks" keystoreType="JCEKS"
>                keystorePass="changeit"
>                truststoreFile="server.ts" truststoreType="JCEKS" >
>     </Connector>
>
> When I start tomcat, I get the following error:
>
> java.io.FileNotFoundException: server.ks (The system cannot find the
> file specif
> ied)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:106)
>         at java.io.FileInputStream.<init>(FileInputStream.java:66)
>         at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket
> Factory.java:262)
>         at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc
> ketFactory.java:232)
> ......
>
> I tried to put the file in different places, the user's home directory
> in C:\Documents and Settings\%user%\,
> %CATALINA_HOME%\,  %CATALINA_HOME%\webapps, %CATALINA_HOME%\webapps\ROOT,
> but they all failed.
>
> My questions are:
> 1. Where should the keystore file be stored if I set the 'keystoreFile'
> attribute in Connector element?
>
> 2.  If I set 'clientAuth' to true, shouldn't there be a place to store
> the the client's certificate, i.e. the truststore?
>      Where do I specify the file that store the client's certificate?
>      I saw the truststoreFile attribute in an example from
> http://www.j2ee-security.net/book/sample-chap/
>      It sets this attribute in a 'Factory' subelement.  But that is for
> Tomcat 4.X.
>
> Any help is appreciated.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>

*********************************************************
Disclaimer

This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*********************************************************
Visit us at http://www.mahindrabt.com




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message