tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Mixon" <>
Subject RE: KeyStore question
Date Sun, 23 Oct 2005 14:26:30 GMT
Sorry I do not have any experience with keystores. The list traffic is
pretty slow, so you are unlikely (not impossible) to get an answer before
HTH - Richard

-----Original Message-----
From: Raueber Hotzenplotz [] 
Sent: Sunday, October 23, 2005 7:21 AM
To: Tomcat Users List
Subject: Re: KeyStore question

Here is the link to the source code files:

--- Raueber Hotzenplotz <> wrote:

> Hi all
> I still want to use Tomcat with SSL (still not working). I've got a 
> servlet that acts as a CA.
> 1. Question(s):
> Should I have separate keystores (JKS) for the web application and the 
> Tomcat server? Where do you usually place the Tomcat keystore? At the 
> moment I'm including the web application keystore in the war file and 
> have the Tomcat keystore stored somewhere else.
> 2. Question(s):
> If I want to use SSL I don't need to change an existing servlet - 
> Tomcat handles secure requests. Is that correct? My problem is, web 
> browsers accept my selfsigned certificates (https://localhost:8443) 
> (after I tell them to do so), but as soon as I make a secure xmlrpc 
> call to my servlet, I get SSLHandshakeExeptions. Secure xmlrpc calls 
> between two clients
> (SecureWebServer/SecureXmlRpcClient) work. I've got my own 'open'
> trustmanager
> and hostnameverifier (see attached code). The only thing I changed was 
> the server.xml file (now includes keystore/password for Tomcat 
> server). Are there any other things? I also tried to add my selfsigned 
> certificate to $JAVA_HOME/jre/lib/security/cacerts, but that didn't help
> 3. Question(s):
> I've already asked in other places, but I still can't make it work. I 
> would be a very happy person, if someone could post a complete client 
> + server code using SSL preferably xmlrpc using instead 
> of (that's a bit off topic). Do I need to implement my own 
> trustmanager/hostnameverifier on both sides client and server or just 
> on the client side?
> Thanks!!
> Rudi
> ___________________________________________________________
> Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with 
> voicemail
> > --------------------------------------------------------------------
> > -
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message