tomcat-users mailing list archives

From Dhaval Patel <dhava...@yahoo.com>
Subject RE: SSL InvalidKeystore Format?
Date Thu, 01 Dec 2005 20:08:47 GMT
Hi,

  I should have mentioned that I am running Tomcat as a standalone server. I mentioned the link
(http://www.fatofthelan.com/articles/articles.php?pid=12) as a reference for generating a
self-signed certificate with OpenSSL on Windows. Even though it is a very nice article about how
to set up SSL with Apache, I only applied part-3 (Generate a test certificate) from that article
to my Tomcat+SSL procedure.

  One thing that I found interesting in that article is part-4 (Configuring Apache and mod_ssl).
In this part, if you look at the changes in httpd.conf, as mentioned below,

SSLEngine on
SSLCertificateFile conf/ssl/server.cert
SSLCertificateKeyFile conf/ssl/server.key

  which are the same parameters that Remy has suggested. If I had found this article earlier,
I might have been able to solve the issue. But again, since I figured it out, I like it now.

Regards.
D



--- Scott Purcell <spurcell@vertisinc.com> wrote:

> Hello Dhaval,
> 
> I was reading the article below, and it looks like you are not running Tomcat as standalone?
> Are you running Apache behind the scenes?
> 
> I was just curious.
> 
> Scott
> 
> 
> -----Original Message-----
> From: Dhaval Patel [mailto:dhaval04@yahoo.com]
> Sent: Thursday, December 01, 2005 8:49 AM
> To: Tomcat Users List
> Subject: Re: SSL InvalidKeystore Format?
> 
> 
> Hi Scott,
> 
>   I am not a Tomcat expert, and I cannot help you with the error you are getting.
>
>   After Remy's last message on SSL with APR, I finally got my Windows XP + Tomcat 5.5.12 + APR +
> SSL working. Following are the steps that I have followed:
> 
> (1) Install Tomcat 5.5.12 and make sure it is working.
> (2) Download the APR component (openssl.exe and tcnative-1.dll) and put it in %TOMCAT_HOME%\bin.
> (http://tomcat.heanet.ie/native/1.1.0/binaries/win32/)
> (3) I generated server.key and server.cert following the guide at
> http://www.fatofthelan.com/articles/articles.php?pid=12 . I have put them in %TOMCAT_HOME%\bin
> only.
> (Make sure you follow the guide. I had trouble setting up openssl.exe on Windows XP. The answer
> is on that page only. You have to download openssl.cnf from Google and place it in some folder
> and make a new environment variable OPENSSL_CONF pointing to that file. Trust me, that link is
> very good.)
> (4) Change the server.xml in the following way:
>     <Connector port="443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                scheme="https" secure="true"
>                SSLEngine="on"
>                SSLCertificateFile="C:\Tomcat5.5\bin\server.crt"
>                SSLCertificateKeyFile="C:\Tomcat5.5\bin\server.key" />
> (5) Restart the tomcat and SSL is enabled.
> 
>    I don't know if you did it the same way and have issues. If you want to try, you can
> follow the above steps on some other Windows XP machine. It worked for me so it should work for
> you. If you start from scratch, it may take about 30-40 mins to set up the above things.
> 
>    Let me know how it goes.
> 
> Regards,
> D
> 
> --- Scott Purcell <spurcell@vertisinc.com> wrote:
> 
> > Well, after wasting much time trying to get the SSL running on 5.5.12, on XP, and finding out
> > about the bad tcnative-1.dll, I thought I was out of the woods on my SSL configuration. But it
> > appears I have one last issue (hopefully).
> > Since I renamed the tcnative-1.dll, I am getting logs in regards to my SSL (I was not getting
> > those prior, see earlier posts) and I am receiving this error. I believe I have a good
> > keystore, because my public key from Verisign was happy with it, but for some reason, Tomcat
> > is still not happy with it.
> > Any ideas why this error may occur?
> > Nov 30, 2005 10:44:53 PM org.apache.coyote.http11.Http11BaseProtocol init
> > INFO: Initializing Coyote HTTP/1.1 on http-80
> > Nov 30, 2005 10:44:54 PM org.apache.coyote.http11.Http11BaseProtocol init
> > SEVERE: Error initializing endpoint
> > java.io.IOException: Invalid keystore format
> > at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
> > at java.security.KeyStore.load(Unknown Source)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:256)
> > at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:174)
> > at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
> > at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
> > at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
> > at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
> > at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
> > at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
> > at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > at java.lang.reflect.Method.invoke(Unknown Source)
> > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
> > SEVERE: Catalina.start
> > LifecycleException: Protocol handler initialization failed: java.io.IOException: Invalid keystore format
> > at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
> > at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
> > at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > at java.lang.reflect.Method.invoke(Unknown Source)
> > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> > Nov 30, 2005 10:44:54 PM org.apache.catalina.startup.Catalina load
> > INFO: Initialization processed in 1890 ms
> > Nov 30, 2005 10:44:54 PM org.apache.catalina.core.StandardService start 



	
		

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
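
Added example, not part of the original messages or of Tomcat: the "Invalid keystore format" exception in the quoted trace is what the JDK's JKS loader throws when a file does not start with the JKS header, for instance when a PEM or PKCS#12 file is given to the JSSE connector as a keystore or truststore. This Python sketch classifies a file by its leading bytes; the function names, the sample bytes and the hint strings are assumptions of the example.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # header word of a Sun JKS keystore
JCEKS_MAGIC = 0xCECECECE  # header word of a SunJCE JCEKS keystore

def sniff_store_format(data: bytes) -> str:
    """Classify a key or certificate container from its leading bytes."""
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if version in (1, 2):
            if magic == JKS_MAGIC:
                return "JKS"
            if magic == JCEKS_MAGIC:
                return "JCEKS"
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        end = text.find(b"-----", 11)
        if end > 11:
            return "PEM:" + text[11:end].decode("ascii", "replace")
    if data[:1] == b"\x30":
        # ASN.1 SEQUENCE: a PKCS#12 store or a bare DER certificate/key
        return "DER"
    return "unknown"

def connector_hint(fmt: str) -> str:
    """Say which Tomcat connector style can read a file of this format."""
    if fmt in ("JKS", "JCEKS"):
        return "JSSE connector: keystoreFile/keystoreType"
    if fmt.startswith("PEM:"):
        return "APR connector: SSLCertificateFile/SSLCertificateKeyFile"
    if fmt == "DER":
        return "not JKS: convert, or load as PKCS12 if it is a PKCS#12 store"
    return "unrecognized: a JKS load fails with 'Invalid keystore format'"

# Constructed samples (headers only, not real keys or certificates).
SAMPLES = {
    "store.jks": struct.pack(">III", JKS_MAGIC, 2, 0),
    "server.key": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
    "server.p12": bytes.fromhex("3082010a020103"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        fmt = sniff_store_format(blob)
        print(f"{name}: {fmt} -> {connector_hint(fmt)}")
```

To check a real file, pass its first bytes: `sniff_store_format(open(path, "rb").read(64))`.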

