tomcat-users mailing list archives

From "Scott Purcell" <purce...@charter.net>
Subject Re: SSL InvalidKeystore Format?
Date Fri, 02 Dec 2005 01:27:17 GMT
Hard to believe ... but Dhaval the below steps actually worked, and my site
appears to have SSL. Thank you so much. But of course this draws me to
another question.

I had just purchased a "Verisign" certificate and do not know how to handle
this. Can I just call the Verisign certificate when doing this:
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
and using the one Verisign gave me here?

Also, is this a good certificate? Do I need the Verisign one?

As you may be able to tell, I am very confused and could use a little
explanation if possible.

Thanks much
Scott



----- Original Message -----
From: "Dhaval Patel" <dhaval04@yahoo.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, December 01, 2005 2:08 PM
Subject: RE: SSL InvalidKeystore Format?


> Hi,
>
>   I should have mentioned that I am running tomcat as a standalone server. I mentioned the link
> (http://www.fatofthelan.com/articles/articles.php?pid=12) as a reference to generate a self-signed
> certificate with OpenSSL on windows. Even though it is a very nice article about how to set up SSL
> with Apache, I only applied part-3 (Generate a test certificate) from that article to my
> Tomcat+SSL procedure.
>
>   One thing that I found interesting in that article is part-4 (Configuring Apache and mod_ssl). In
> this part, if you look at changes in httpd.conf, as mentioned below,
>
> SSLEngine on
> SSLCertificateFile conf/ssl/server.cert
> SSLCertificateKeyFile conf/ssl/server.key
>
>   which is the same parameter that Remy has suggested. If I had found this article earlier, I might
> have been able to solve the issue. But again since I figured it out, I like it now.
>
> Regards.
> D
>
>
>
> --- Scott Purcell <spurcell@vertisinc.com> wrote:
>
> > Hello Dhaval,
> >
> > I was reading the article below, and it looks like you are not running Tomcat as standalone? Are
> > you running Apache behind the scenes?
> >
> > I was just curious.
> >
> > Scott
> >
> >
> > -----Original Message-----
> > From: Dhaval Patel [mailto:dhaval04@yahoo.com]
> > Sent: Thursday, December 01, 2005 8:49 AM
> > To: Tomcat Users List
> > Subject: Re: SSL InvalidKeystore Format?
> >
> >
> > Hi Scott,
> >
> >   I am not a tomcat expert, and I can not help you with the error you are getting.
> >   After Remy's last message on SSL with APR, I finally got my windows xp + tomcat 5.5.12 + APR +
> > SSL working. Following are the steps that I have followed:
> >
> > (1) Install Tomcat 5.5.12 and make sure it is working.
> > (2) Download APR component (openssl.exe and tcnative-1.dll) and put it in %TOMCAT_HOME%\bin.
> > (http://tomcat.heanet.ie/native/1.1.0/binaries/win32/)
> > (3) I generated server.key and server.cert following guide at
> > http://www.fatofthelan.com/articles/articles.php?pid=12 . I have put them in %TOMCAT_HOME%\bin
> > only.
> > (Make sure you follow the guide. I had trouble setting openssl.exe on windows xp. The answer is on
> > that page only. You have to download openssl.cnf from google and place it in some folder and make
> > a new environment OPENSSL_CONF pointing to that file. Trust me that link is very good.)
> > (4) Change the server.xml in following way:
> >     <Connector port="443" maxHttpHeaderSize="8192"
> >                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >                enableLookups="false" disableUploadTimeout="true"
> >                scheme="https" secure="true"
> >                SSLEngine="on"
> >                SSLCertificateFile="C:\Tomcat5.5\bin\server.crt"
> >                SSLCertificateKeyFile="C:\Tomcat5.5\bin\server.key" />
> > (5) Restart the tomcat and SSL is enabled.
> >
> >    I don't know if you have done it the same way and you have issues. If you want to try, you can
> > follow the above steps on some other windows xp machine. It worked for me so it should work for
> > you. If you start from scratch, it may take about 30-40 mins to set up the above things.
> >
> >    Let me know how it goes.
> >
> > Regards,
> > D
> >
> > --- Scott Purcell <spurcell@vertisinc.com> wrote:
> >
> > > Well, after wasting much time trying to get the SSL running on 5.5.12, on XP, and finding out
> > > about the bad tcnative-1.dll, I thought I was out of the woods on my SSL configuration. But it
> > > appears I have one last issue (hopefully)
> > > Since I renamed the tcnative-1.dll, I am getting logs in regards to my SSL (I was not getting
> > > those prior, see earlier posts) and I am receiving this error: I believe I have a good keystore,
> > > because my public key from Verisign was happy with it, but for some reason, Tomcat is still not
> > > happy with it.
> > > Any ideas why this error may occur?
> > > Nov 30, 2005 10:44:53 PM org.apache.coyote.http11.Http11BaseProtocol init
> > > INFO: Initializing Coyote HTTP/1.1 on http-80
> > > Nov 30, 2005 10:44:54 PM org.apache.coyote.http11.Http11BaseProtocol init
> > > SEVERE: Error initializing endpoint
> > > java.io.IOException: Invalid keystore format
> > > at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
> > > at java.security.KeyStore.load(Unknown Source)
> > > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
> > > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:256)
> > > at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:174)
> > > at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
> > > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
> > > at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
> > > at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
> > > at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
> > > at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
> > > at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > > at java.lang.reflect.Method.invoke(Unknown Source)
> > > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
> > > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> > > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
> > > SEVERE: Catalina.start
> > > LifecycleException: Protocol handler initialization failed: java.io.IOException: Invalid keystore format
> > > at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
> > > at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
> > > at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
> > > at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > > at java.lang.reflect.Method.invoke(Unknown Source)
> > > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
> > > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> > > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
> > > INFO: Initialization processed in 1890 ms
> > > Nov 30, 2005 10:44:54 PM org.apache.catalina.core.StandardService start
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
>
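
Added example, not part of the original thread: the quoted trace fails in sun.security.provider.JavaKeyStore.engineLoad, which raises "Invalid keystore format" when a file does not start with the JKS magic number and a version of 1 or 2, while the SSLCertificateFile and SSLCertificateKeyFile attributes in the quoted server.xml point at OpenSSL PEM files. The Python code below classifies a file by its leading bytes so the two kinds are not mixed up; the function names and the sample inputs are constructed for illustration.

```python
import re
import struct

JKS_MAGIC = 0xFEEDFEED    # header magic checked by the JKS loader
JCEKS_MAGIC = 0xCECECECE  # header magic of the JCEKS keystore type
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def jks_loader_accepts(data: bytes) -> bool:
    """Mirror the header check whose failure raises 'Invalid keystore format'."""
    if len(data) < 8:
        return False
    magic, version = struct.unpack(">II", data[:8])
    return magic == JKS_MAGIC and version in (1, 2)


def classify(data: bytes) -> str:
    """Return a coarse label for a key or certificate container."""
    if jks_loader_accepts(data):
        # The third big-endian int of a JKS file is the entry count.
        count = struct.unpack(">I", data[8:12])[0] if len(data) >= 12 else 0
        return f"jks ({count} entries)"
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] == JCEKS_MAGIC:
        return "jceks"
    labels = [m.decode() for m in PEM_BEGIN.findall(data)]
    if labels:
        return "pem: " + ", ".join(labels)
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag
        return "der (PKCS#12 or DER certificate/key)"
    return "unknown"


# Constructed sample inputs; the PEM bodies are placeholders, not real keys.
SAMPLES = {
    "keystore.jks": struct.pack(">III", JKS_MAGIC, 2, 1) + b"\x00" * 16,
    "server.crt": b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n"
                  b"-----END CERTIFICATE-----\n",
    "server.key": b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
                  b"-----END RSA PRIVATE KEY-----\n",
    "bundle.p12": b"\x30\x82\x09\x00" + b"\x00" * 8,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        ok = jks_loader_accepts(blob)
        print(f"{name:13} {classify(blob):38} JKS loader accepts: {ok}")
```

Only the first sample passes the JKS header check; a PEM certificate or a PKCS#12 bundle handed to a JSSE connector configured for the JKS type is rejected at this header check.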
