tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: SSL problem
Date Mon, 05 Sep 2005 18:16:38 GMT
For 5, import the CA cert to $JAVA_HOME/jre/lib/security/cacerts

Do 4 after 5.

If you do it right, you shouldn't see the prompt to trust the CA as it 
is already in your list of trusted certs.

Also, check the server cert you get back is indeed what you expect.

Mark

Peter Betz wrote:
> Hi,
> 
> I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
> jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.
> I have been trying to register a signed certificate but have thus far
> been unsuccessful.
> It always comes out as a self-signed certificate. What am I doing wrong?
> Details are as follows:
> 
> Here is what I have been doing:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Logged in and performed commands as jboss user because the J2EE and Jakarta
> Tomcat environment is run under jboss user.
> 
> 1. Generate a private key with the following command:
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore k-factor88.kdb
> 
> 2. Generate the Certificate Signing Request (CSR)
> $JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore k-factor88.kdb -file k-factor88.csr
> 
> 3. Generate the Server Certificate
> Submit k-factor88.csr to root certification authority and save returned
> certificate into k-factor88.cer
> 
> 4. Import the Server Certificate
> $JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias root -file k-factor88.cer
> Note: Keytool confirms that the certificate has been signed by a
> certification authority. I choose to trust it.
> 
> 5. Import the Trust Certificate
> $JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias jboss -file UTN.cer
> Note: UTN.cer is the certification authority certificate and needs to be
> imported.
> 
> server.xml
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      <Connector port="8443" address="${jboss.bind.address}"
>            maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
>            emptySessionPath="true"
>            scheme="https" secure="true" clientAuth="false"
>            keystoreFile="${jboss.home.dir}/bin/certs/k-factor88.kdb"
>            keystorePass="changeit" sslProtocol = "TLS" />
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
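A check for the last point in the reply above, as an added example that is not part of the original thread: the shell function reads `keytool -list -v` output and reports whether the key entry still carries its self-signed certificate or a CA-issued chain. The function name and the three sample listings are constructed for illustration, and the parsing assumes keytool's English `Entry type:`, `Certificate chain length:`, `Owner:` and `Issuer:` lines.

```shell
# Added example (not from the thread): classify one keystore entry from the
# text that `keytool -list -v -alias <alias>` prints, read on stdin.
classify_entry() {
    awk '
        /^Entry type:/               { type = tolower($3) }
        /^Certificate chain length:/ { len = $4 + 0 }
        # Keep only the first Owner/Issuer pair: it belongs to the entry itself.
        /^Owner:/  && owner == ""    { owner  = substr($0, 8) }
        /^Issuer:/ && issuer == ""   { issuer = substr($0, 9) }
        END {
            if (type == "trustedcertentry")      print "trusted-cert"
            else if (type !~ /keyentry$/)        print "unknown"
            else if (len > 1 && owner != issuer) print "ca-signed"
            else if (owner == issuer)            print "self-signed"
            else                                 print "incomplete-chain"
        }'
}
# Constructed listing: key entry still holding the certificate made by -genkey.
sample_self_signed() { cat <<'EOF'
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=www.example.test, O=Example
EOF
}
# Constructed listing: the same key entry after the CA reply was attached to it.
sample_ca_signed() { cat <<'EOF'
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Constructed Test CA
Certificate[2]:
Owner: CN=Constructed Test CA
Issuer: CN=Constructed Test CA
EOF
}
# Constructed listing: a certificate stored under an alias of its own, no private key.
sample_trusted() { cat <<'EOF'
Entry type: trustedCertEntry
Owner: CN=www.example.test, O=Example
Issuer: CN=Constructed Test CA
EOF
}
for s in sample_self_signed sample_ca_signed sample_trusted; do
    printf '%s -> %s\n' "$s" "$($s | classify_entry)"
done
```

Against the keystore from the thread the input would come from `$JAVA_HOME/bin/keytool -list -v -keystore k-factor88.kdb -alias tomcat | classify_entry`; a result of `self-signed` means the connector will still present the certificate generated in step 1.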


