tomcat-users mailing list archives

From Jason Bainbridge <jbainbri...@gmail.com>
Subject Re: SSL
Date Wed, 27 Apr 2005 21:14:19 GMT
On 4/27/05, jejones@playstation.sony.com <jejones@playstation.sony.com> wrote:
> So I am new, obviously with the keytool use.. attached is the cert.txt
> file resulting from the keytool -list -v.. I changed the CSR data.. but
> the format is there... do you see anything wrong with the file?

Hazarding a guess but it looks like you created the CSR in a different
.keystore and then imported Verisign's certificate into this one as
the tomcat alias should look something like:

Alias name: tomcat
Creation date: Jan 28, 2005
Entry type: keyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=XXX, OU=XXX, O=XXXXX, L=XXXXXX, ST=XXXXXX, C=XXXXX
Issuer: CN=XXXXXXXXXXXXXXXXXXXX
Serial number: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Valid from: Fri Jan 28 00:00:24 GMT 2005 until: Sun Jan 28 00:00:24 GMT 2007
Certificate fingerprints:
	 MD5:  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	 SHA1: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then because that one has a chain length of 4 it has 3 other certs in
the chain, then each of those have their own aliases as well.

Your Verisign cert isn't in any chain and I'm guessing the reason is
because it's not where the CSR was generated from so you either need
to find that .keystore or do another .CSR from this or another new
.keystore and import the trusted cert you receive from that CSR.

The all important part is the .CSR needs to match with the trusted
cert you get back.
 
> -jrj
> 
> Jason Bainbridge wrote:
> 
> >On 4/26/05, jejones@playstation.sony.com <jejones@playstation.sony.com> wrote:
> >
> >
> >>Finally, some progress; but not exactly what I wanted... I made the "F"
> >>uppercase, stopped/started the server; now it's refusing connections.
> >>This is from the log file:
> >>
> >>Apr 26, 2005 2:19:46 PM org.apache.tomcat.util.net.PoolTcpEndpoint
> >>acceptSocket
> >>SEVERE: Endpoint [SSL:
> >>
> >>
> >
> >when doing these steps:
> >
> >Import the Chain Certificate into your keystore
> >
> >keytool -import -alias root -keystore <your_keystore_filename>
> >-trustcacerts -file <filename_of_the_chain_certificate>
> >
> >And finally import your new Certificate (It must be in X509 format):
> >
> >keytool -import -alias tomcat -keystore <your_keystore_filename>
> >-trustcacerts -file <your_certificate_filename>
> >
> >Did you specify the full path names? I would backup the .keystore and
> >then try again by specifying full path names to make sure.
> >
> >Sounds like you have an incomplete .keystore being used.
> >
> >
> >
> >
> 
> 
> 
> Keystore type: jks
> Keystore provider: SUN
> 
> Your keystore contains 2 entries
> 
> Alias name: root
> Creation date: Apr 21, 2005
> Entry type: trustedCertEntry
> 
> Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
> Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
> Serial number: 254b8a853842cce358f8c5ddae226ea4
> Valid from: Wed Apr 16 17:00:00 PDT 1997 until: Mon Oct 24 16:59:59 PDT 2011
> Certificate fingerprints:
>          MD5:  BC:0A:51:FA:C0:F4:7F:DC:62:1C:D8:E1:15:43:4E:CC
>          SHA1: C2:F0:08:7D:01:E6:86:05:3A:4D:63:3E:7E:70:D4:EF:65:C2:CC:4F
> 
> *******************************************
> *******************************************
> 
> Alias name: tomcat
> Creation date: Apr 21, 2005
> Entry type: trustedCertEntry
> 
> Owner: CN=????, OU=????, O=????, L=????, ST=California, C=US
> Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
> Serial number: 46fefd812464db21ede3b8e4f39a9218
> Valid from: Wed Apr 06 17:00:00 PDT 2005 until: Fri Apr 07 16:59:59 PDT 2006
> Certificate fingerprints:
>          MD5:  D3:9B:5C:E3:41:D9:6D:AD:DE:62:2B:E0:E1:74:5B:FD
>          SHA1: 37:55:D7:35:82:FA:13:33:F2:45:4E:13:92:8C:73:3B:7C:11:D8:61
> 
> *******************************************
> *******************************************
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
Jason Bainbridge
http://kde.org - webmaster@kde.org
Personal Site - http://jasonbainbridge.com
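
A check for the condition described in the reply above, added here as an example and not part of the original message: it reads `keytool -list -v` output and reports whether the server alias is a key entry with a chain or only a trusted certificate. The function names and the two sample listings are constructed for illustration; `PrivateKeyEntry` is accepted as well because newer JDKs print that label instead of `keyEntry`.

```shell
#!/bin/sh
# Added example: classify one alias from `keytool -list -v` output read on stdin.
# Prints "<entry type> <chain length>"; chain length is 0 when keytool shows none.
alias_entry() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13); next }
        cur == want && /^Entry type: / { type = substr($0, 13) }
        cur == want && /^Certificate chain length: / { len = substr($0, 27) }
        END { if (type == "") exit 1; print type, len + 0 }
    '
}

# Returns 0 only when the alias holds a private key, 1 when it is a bare
# trusted certificate, 2 when the alias is missing from the listing.
check_server_alias() {
    entry=$(alias_entry "$1") || { echo "alias $1: not found"; return 2; }
    case "$entry" in
        keyEntry\ *|PrivateKeyEntry\ *)
            echo "alias $1: private key present, chain length ${entry#* }"
            return 0 ;;
        *)
            echo "alias $1: ${entry% *} only, no private key in this keystore"
            return 1 ;;
    esac
}

# Constructed listing shaped like the poster's keystore (placeholder values).
BAD_LISTING='Alias name: root
Creation date: Apr 21, 2005
Entry type: trustedCertEntry

Alias name: tomcat
Creation date: Apr 21, 2005
Entry type: trustedCertEntry'

# Constructed listing shaped like the healthy entry shown in the reply.
GOOD_LISTING='Alias name: tomcat
Creation date: Jan 28, 2005
Entry type: keyEntry
Certificate chain length: 4'

printf '%s\n' "$BAD_LISTING"  | check_server_alias tomcat || true
printf '%s\n' "$GOOD_LISTING" | check_server_alias tomcat
```

Against a real keystore, pipe the listing in: `keytool -list -v -keystore <your_keystore_filename> | check_server_alias tomcat`.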
