tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: 5.0.18 + keytool
Date Sun, 22 Feb 2004 21:09:43 GMT
You might try adding '-trustcacerts' to your import command (I'm not
interested enough to try it myself :).

However, the easiest way to do what you want (IMHO) is to use a PKCS12
keystore.  There is an example in the Tomcat5 ssl-howto.

"Stewart Walker" <swalker@caspercollege.edu> wrote in message
news:4035CFE4.9471.10C100@localhost...
> Wondering if I my message is getting out there as as I've seen no
> response.  Going to try again.
>
> Could really use your help getting past the below error while
> trying to setup/import a server certificate.
>
> The required jsse jar files are in
> $JAVA_HOME/jre/lib/ext
>
> The IBMJava was installed during the Linux install. As far
> as I can tell it isn't running anything and $JAVA_HOME/bin
> is first in the path. But I still wonder.
>
> keytool was run by root in $JAVA_HOME/bin
>
> Haven't done anything with apache yet our web based servlet app is
> working on 8080 with tomcat.
> Thanks.
>
> Linux ES 2.1
> 249-e.37 kernel
> j2sdk1.4.2_03
> tomcat5.0.18
>
> $PATH
>
> /usr/kerberos/sbin:
> /usr/kerberos/bin:
> /usr/java/j2sdk1.4.2_03/bin:
> /opt/IBMJava2-131/bin:
> /opt/IBMJava2-131/jre/bin:
> /usr/local/sbin:/sbin:/usr/sbin:
> /bin:/usr/bin:/usr/bin/X11:
> /usr/local/bin:
> /usr/bin:
> /usr/X11R6/bin:
> /root/bin:
>
> [root@]# ps aux |grep java
> root      2985 27.0  0.7 246712 29368 pts/5  S    08:38   0:04
> /usr/java/j2sdk1.
> root      2986  0.0  0.7 246712 29368 pts/5  S    08:38   0:00
> /usr/java/j2sdk1.
> this is just a snipit..
>
> [root@ssl/ca]#ls -l
> -rwxr-xr-x    1 root     apache        785 Feb 18 10:16 ca.csr
> -rwxr-xr-x    1 root     apache        887 Feb 18 10:16 ca.key
> -rwxr-xr-x    1 root     apache       1066 Feb 18 10:17 ca.pem
>
>
> root@bin]# openssl req -new -newkey /
> rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr /
> -keyout /usr/java/ssl/ca/ca.key
> Using configuration from /usr/share/ssl/openssl.cnf
> Generating a 1024 bit RSA private key
> .............++++++
> ......++++++
> writing new private key to '/usr/java/ssl/ca/ca.key'
> -----
> ok works fine
>
> root@bin]# openssl x509 -trustout /
> -signkey /usr/java/ssl/ca/ca.key /
> -days 720 -req -in /usr/java/ssl/ca/ca.csr /
> -out /usr/java/ssl/ca/ca.pem
> Signature ok
> subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email
> Getting Private key
> ok works fine
>
> root@bin]# keytool -import -keystore /
> $JAVA_HOME/jre/lib/security/cacerts /
> -file /usr/java/ssl/ca/ca.pem -alias test_ca
> Enter keystore password:  changeit
> Exception in thread "main" java.lang.ExceptionInInitializerError
>         at javax.crypto.Cipher.a(DashoA6275)
>         at javax.crypto.Cipher.getInstance(DashoA6275)
>         at
>
com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.<init>([DashoP
ro-
> V1.3-013000])
>         at
>
com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message