tomcat-users mailing list archives

From Raueber Hotzenplotz <fox_devils_w...@yahoo.co.uk>
Subject KeyStore question
Date Sun, 23 Oct 2005 12:55:08 GMT

Hi all

I still want to use Tomcat with SSL (still not working). I've got a servlet
that acts as a CA.

1. Question(s):
Should I have separate keystores (JKS) for the web application and the Tomcat
server? Where do you usually place the Tomcat keystore? At the moment I'm
including the web application keystore in the war file and have the Tomcat
keystore stored somewhere else.

2. Question(s):
If I want to use SSL I don't need to change an existing servlet - Tomcat
handles secure requests. Is that correct? My problem is, web browsers accept my
self-signed certificates (https://localhost:8443) (after I tell them to do so),
but as soon as I make a secure xmlrpc call to my servlet, I get
SSLHandshakeExceptions. Secure xmlrpc calls between two clients
(SecureWebServer/SecureXmlRpcClient) work. I've got my own 'open' trustmanager
and hostnameverifier (see attached code). The only thing I changed was the
server.xml file (now includes keystore/password for Tomcat server). Are there
any other things? I also tried to add my self-signed certificate to
$JAVA_HOME/jre/lib/security/cacerts, but that didn't help either.

3. Question(s):
I've already asked in other places, but I still can't make it work. I would be
a very happy person if someone could post a complete client + server code
using SSL, preferably xmlrpc, using javax.net.ssl instead of com.net.ssl (that's
a bit off topic). Do I need to implement my own trustmanager/hostnameverifier
on both sides, client and server, or just on the client side?

Thanks!!

Rudi
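
Added example, not part of the original message: a javax.net.ssl client that trusts only the certificates held in its own JKS truststore, rather than using an 'open' trust manager, and leaves the default hostname verification in place. The class name, the command-line arguments and the truststore file are assumptions; the URL is the one given in the message.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustClient {

    /** Build an SSLContext that trusts only the certificates in the given JKS file. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        // An empty truststore would reject every server; fail early with a clear message.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore is empty: " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument null: no client key material, so the client presents no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: args[0] = path to a JKS file into which the server's
        // self-signed certificate has been imported, args[1] = its password.
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());

        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://localhost:8443/").openConnection();
        // Scope the custom trust to this connection instead of changing JVM-wide defaults.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is kept, so the certificate must name "localhost".
        System.out.println("HTTP " + conn.getResponseCode() + " over " + conn.getCipherSuite());
    }
}
```

A handshake failure from this client means the server presented a certificate that is not in the truststore, or one whose name does not match the host in the URL.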