tomcat-users mailing list archives

From Víctor Torres - UPF <victor.tor...@upf.edu>
Subject Re: problem with truststoreFile in server.xml
Date Tue, 24 Oct 2006 15:55:29 GMT
Thanks, but this does not solve my problem.
What I can see in your directions is that you are using a JKS keystore and you 
are importing the certificate and the private key.
What I was saying is that it should NOT be necessary to import the private 
keys into a truststoreFile. In fact, when I use a PKCS12 with the certificate 
and private key as truststoreFile, it works. It fails when the PKCS12 only 
contains the certificate. This seems strange to me.

Any other suggestions?


----- Original Message ----- 
From: "Martin Gainty" <mgainty@hotmail.com>
To: "Tomcat Users List" <users@tomcat.apache.org>; "Víctor Torres - UPF" 
<victor.torres@upf.edu>
Sent: Tuesday, October 24, 2006 5:41 PM
Subject: Re: problem with truststoreFile in server.xml


> Hello Victor-
>
> You may want to follow the directions on how to create an empty keystore 
> and then import the private key/certificate chain into the Java 
> keystore using extkeytool:
> http://www.switch.ch/aai/certificates/certificateupdate.html
>
> Then take a look at the keys afterwards with:
> keytool -v -list -keystore www.example.edu.jks
>
> Anyone else?
> M--
> ----- Original Message ----- 
> From: "Víctor Torres - UPF" <victor.torres@upf.edu>
> To: <users@tomcat.apache.org>
> Sent: Tuesday, October 24, 2006 9:14 AM
> Subject: problem with truststoreFile in server.xml
>
>
>> Dear all,
>>
>> I have configured my Tomcat 5.5.17 to require SSL client authentication. 
>> For
>> this purpose, I have stored my root CA certificate into a PKCS12 keystore
>> which I use as truststoreFile by configuring server.xml. This CA 
>> certificate
>> is used to sign user certificates that I want to be trusted.
>>
>> The problem I have is the following:
>> - truststoreFile (PKCS12) contains root CA certificate + private key ->
>> everything works perfectly.
>> - truststoreFile (PKCS12) contains root CA certificate -> clients cannot
>> connect.
>>
>> truststoreFile should not contain private keys, so why does Tomcat behave 
>> in
>> this way?
>>
>> Thanks in advance.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>> 

