tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Betz" <pb...@amnet.net.au>
Subject SSL problem
Date Mon, 05 Sep 2005 10:27:41 GMT
Hi,

I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.
I having been trying to register a signed certificate but have thus far
being unsuccessful.
It always comes out as a self-signed certificate. What am I doing wrong?
Details are as follows:

Here is what I have been doing:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logged in and performed commands as jboss user because the J2EE and Jakarta
Tomcat environment is run under jboss user.

1. Generate a private key with the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore
k-factor88.kdb

2. Generate the Certificate Signing Request (CSR)
$JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore k-factor88.kdb -file
k-factor88.csr

3. Generate the Server Certificate
Submit k-factor88.csr to root certification authority and save returned
certificate into k-factor88.cer

4. Import the Server Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
root -file k-factor88.cer
Note: Keytool confirms that the certificate has been signed by a
certification authority. I choose to trust it.

5. Import the Trust Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
jboss -file UTN.cer
Note: UTN.cer is the certification authority certificate and needs to be
imported.

server.xml
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     <Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.home.dir}/bin/certs/k-factor88.kdb"
           keystorePass="changeit" sslProtocol = "TLS" />



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message