tomcat-users mailing list archives

From tschaef...@acesoft.com
Subject Re: RE Tomcat and SSL
Date Wed, 12 Apr 2006 16:07:43 GMT
"Klaus-F. Kaal" <klaus.kaal@timologic.com> wrote on 04/12/2006 11:11:16 AM:

> Hi Franck, still tomcat moans that the keystore was tampered or password 
> was incorrect.
> 
> I am not sure about the password. With all questions, I gave my own and 
> always the same. Was that correct?
> 
> Klaus
> 
> 
> 
> 
> Franck Borel schrieb:
> >
...
> >>
> >>
> > Ok, Klaus. I think the problem is that Tomcat doesn't accept your 
> > openssl crt.  Tomcat operates only with JKS or PKCS12 (--> OpenSSL) 
> > format keystores and there are some limitations on the support for 
> > PKCS12. So, try this:
> >
> > 1) keytool -genkey -alias tomcat -keyalg RSA -keystore 
> > /opt/tomcat/bin/.keystore --> creates key
> > 2) keytool -export -alias tomcat -file tomcat-server.crt -keystore 
> > /opt/tomcat/bin/.keystore --> creates certificate and signs it with 
> > your key
> > 3) keytool -import -file tomcat-server.crt -keystore 
> > /opt/tomcat/conf/cacerts --> creates a Keystore cacerts and adds your 
> > certificate
> >
> > Now, edit your server.xml:
> >
> > <Connector port="443"
> >    maxThreads="150"
> >    minSpareThreads="25"
> >    maxSpareThreads="75"
> >    enableLookup="false"
> >    acceptCount="100"
> >    debug="0"
> >    scheme="https"
> >    secure="true"
> >    clientAuth="false"
> >    sslProtocol="TLS"
> >    keystoreFile = "conf/.keystore"
> >    keystorePass = "secret"
> >    truststoreFile = "conf/cacerts"/>
> >
> > This should work.
> >
> > -- Franck
> >


Klaus,

I just solved a similar problem (I described it in a message in this 
forum: Tomcat on AIX, IBM's JVM.  Was Re: [OT] AIX filtering Explorer?). I 
did everything Franck suggested with no luck. I added the full path to the 
(key|trust)storeFile parameters and it worked.  I'll experiment to find a 
precise cause of the problem.  I have symbolic links in my path to the 
tomcat distribution, which may cause a problem.


BTW I think Franck's instructions should have been either 

> > 1) keytool -genkey -alias tomcat -keyalg RSA -keystore 
> > /opt/tomcat/conf/.keystore --> creates key

or 

> >    keystoreFile = "bin/.keystore"

and probably he meant the former.

Tim S
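
An added example, not part of the original messages: a small Python check that reads the `keystoreFile` and `truststoreFile` attributes from a `server.xml` Connector and reports relative paths, symbolic links on the way to the file, and files that do not exist where the Connector points. The function name `check_store_paths` and the sample XML wrapper are constructed for illustration, and resolving relative paths against `CATALINA_BASE` is an assumption about the Tomcat version in use.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the thread, wrapped in minimal parents.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/.keystore" keystorePass="secret"
             truststoreFile="conf/cacerts"/>
</Service></Server>"""

def check_store_paths(server_xml_text, catalina_base):
    """Return {(port, attribute): [problems]} for every store path found."""
    report = {}
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        for attr in ("keystoreFile", "truststoreFile"):
            value = conn.get(attr)
            if value is None:
                continue
            problems = []
            if os.path.isabs(value):
                path = os.path.abspath(value)
            else:
                # Assumption: relative paths are resolved against CATALINA_BASE.
                problems.append("relative path")
                path = os.path.abspath(os.path.join(catalina_base, value))
            # realpath() follows symlinks; a difference means one is in the path.
            if os.path.realpath(path) != path:
                problems.append("symlink in path")
            if not os.path.isfile(path):
                problems.append("file not found")
            elif not os.access(path, os.R_OK):
                problems.append("not readable")
            report[(conn.get("port"), attr)] = problems
    return report

if __name__ == "__main__":
    # /opt/tomcat is the install directory used in the thread's keytool commands.
    base = os.environ.get("CATALINA_BASE", "/opt/tomcat")
    for (port, attr), problems in check_store_paths(SAMPLE_SERVER_XML, base).items():
        print(port, attr, problems or "ok")
```

With the key generated under `bin/` and the Connector pointing at `conf/.keystore`, the keystore entry is reported as a relative path whose file is not found.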
