tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raueber Hotzenplotz <fox_devils_w...@yahoo.co.uk>
Subject KeyStore question
Date Sun, 23 Oct 2005 20:16:03 GMT
Hmmm, having some email problems - not sure if I've already sent this.

Here is the link to the SSL java code again: http://stud4.tuwien.ac.at/~e9726342/


Hi all

I still want to use Tomcat with SSL (still not working). I've got a servlet
that acts as a CA.

1. Question(s):
Should I have separate keystores (JKS) for the web application and the Tomcat
server? Where do you usually place the Tomcat keystore? At the moment I'm
including the web application keystore in the war file and have the Tomcat
keystore stored somewhere else.

2. Question(s):
If I want to use SSL I don't need to change an existing servlet - Tomcat
handles secure requests. Is that correct? My problem is, web browsers accept my
selfsigned certificates (https://localhost:8443) (after I tell them to do so),
but as soon as I make a secure xmlrpc call to my servlet, I get
SSLHandshakeExeptions. Secure xmlrpc calls between two clients
(SecureWebServer/SecureXmlRpcClient) work. I've got my own 'open' trustmanager
and hostnameverifier (see link above). The only thing I changed was the
server.xml file (now includes keystore/password for Tomcat server). Are there
any other things? I also tried to add my selfsigned certificate to
$JAVA_HOME/jre/lib/security/cacerts, but that didn't help either. 

3. Question(s):
I've already asked in other places, but I still can't make it work. I would be
a very happy person, if someone could post a complete client + server code
using SSL preferably xmlrpc using javax.net.ssl instead of com.net.ssl (that's
a bit off topic). Do I need to implement my own trustmanager/hostnameverifier
on both sides client and server or just on the client side?

Thanks!!

Rudi


		
___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message