tomcat-users mailing list archives

From Alex Chen <ac...@packetmotion.com>
Subject Re: Using HTTPS with keystore and trust store files
Date Thu, 26 Feb 2004 18:00:29 GMT
Thanks, Rommel,

Rommel Sharma wrote:

>What I can say is this:
>1. In keystoreFile attribute provide the complete path
>(C:\MyCertFolder\mykeystore.ks)
>    Same for truststore.
>
>2. Where do I specify the file that stores the client's certificate?
>In your client code that makes a call to the https specify the location of
>the keystore and in the server side code that you will write, get the
>message context
>(something like:
>  MessageContext context = MessageContext.getCurrentContext();
>  ...
>  HttpServletRequest req = (HttpServletRequest) context.getProperty(
>      HTTPConstants.MC_HTTP_SERVLETREQUEST);
>
>  // and the code to match the client certificate with the client keystore on
>  // the server
>  // so you specify its location on the server having the same client
>  // keystore...
>)
>
>Hope this helps,
>Regards,
>Rommel.
>
>----- Original Message -----
>From: "Alex Chen" <achen@packetmotion.com>
>To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>Sent: Wednesday, February 25, 2004 11:30 PM
>Subject: Using HTTPS with keystore and trust store files
>
>  
>
>>Hi,
>>  I am trying to set up Tomcat for HTTPS connection with keystore and
>>truststore files.  I want to use Tomcat as the
>>web server so the port number is 80 and 443 for HTTP and HTTPS,
>>respectively. I am running Tomcat on Windows XP.
>>
>>Here is the 'Connector' entry in %CATALINA_HOME%\conf\server.xml.
>>   <Connector port="443"
>>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>               enableLookups="false" disableUploadTimeout="true"
>>               acceptCount="100" debug="0" scheme="https" secure="true"
>>               clientAuth="true" sslProtocol="TLS"
>>               keystoreFile="server.ks" keystoreType="JCEKS"
>>               keystorePass="changeit"
>>               truststoreFile="server.ts" truststoreType="JCEKS" >
>>    </Connector>
>>
>>When I start tomcat, I get the following error:
>>
>>java.io.FileNotFoundException: server.ks (The system cannot find the file specified)
>>        at java.io.FileInputStream.open(Native Method)
>>        at java.io.FileInputStream.<init>(FileInputStream.java:106)
>>        at java.io.FileInputStream.<init>(FileInputStream.java:66)
>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:262)
>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:232)
>>......
>>
>>I tried to put the file in different places, the user's home directory
>>in C:\Documents and Settings\%user%\,
>>%CATALINA_HOME%\,  %CATALINA_HOME%\webapps, %CATALINA_HOME%\webapps\ROOT,
>>but they all failed.
>>
>>My questions are:
>>1. Where should the keystore file be stored if I set the 'keystoreFile'
>>attribute in Connector element?
>>
>>2.  If I set 'clientAuth' to true, shouldn't there be a place to store
>>the client's certificate, i.e. the truststore?
>>     Where do I specify the file that stores the client's certificate?
>>     I saw the truststoreFile attribute in an example from
>>http://www.j2ee-security.net/book/sample-chap/
>>     It sets this attribute in a 'Factory' subelement.  But that is for
>>Tomcat 4.X.
>>
>>Any help is appreciated.
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


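One way to write the server-side check Rommel Sharma's reply describes (matching the presented client certificate against a keystore kept on the server), as an added example that is not code from this thread or from Tomcat. The class and method names are hypothetical, and it assumes the container exposes the client chain in the standard `javax.servlet.request.X509Certificate` request attribute and that the store is opened by absolute path, as the reply advises.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

/** Added example (hypothetical names): match a TLS client certificate to a truststore entry. */
public class ClientCertCheck {

    // Open the store by absolute path (e.g. C:\MyCertFolder\server.ts) so the
    // result does not depend on the directory the server was started from.
    static KeyStore loadTrustStore(String absolutePath, String type, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);   // "JCEKS" in the thread's Connector
        try (InputStream in = new FileInputStream(absolutePath)) {
            store.load(in, password);                  // also verifies the store's integrity
        }
        return store;
    }

    /**
     * chainAttr is the value of
     * request.getAttribute("javax.servlet.request.X509Certificate").
     * Returns the truststore alias of the client's own certificate, or null when
     * no certificate was presented or it is not an entry in the store.
     */
    static String trustedAlias(Object chainAttr, KeyStore trustStore)
            throws GeneralSecurityException {
        if (!(chainAttr instanceof X509Certificate[])) {
            return null;                               // fail closed: nothing presented
        }
        X509Certificate[] chain = (X509Certificate[]) chainAttr;
        if (chain.length == 0) {
            return null;
        }
        X509Certificate clientCert = chain[0];         // the client's certificate is first
        clientCert.checkValidity();                    // throws if expired or not yet valid
        return trustStore.getCertificateAlias(clientCert);
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientCertCheck <absolute truststore path> <store password>
        KeyStore ts = loadTrustStore(args[0], "JCEKS", args[1].toCharArray());
        System.out.println("truststore entries: " + ts.size());
        System.out.println("request without a certificate -> " + trustedAlias(null, ts));
    }
}
```

In a servlet, pass `req.getAttribute("javax.servlet.request.X509Certificate")` as `chainAttr` and reject the request when the method returns null.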