tomcat-users mailing list archives

From "Martin Gainty" <mgai...@hotmail.com>
Subject Re: problem with truststoreFile in server.xml
Date Tue, 24 Oct 2006 15:41:27 GMT
Hello Victor-

You may want to follow the directions on how to create an empty keystore and then import
the private key/certificate chain into the Java keystore using extkeytool:
http://www.switch.ch/aai/certificates/certificateupdate.html

Then take a look at the keys afterwards with:
keytool -v -list -keystore www.example.edu.jks

Anyone else?
M--
----- Original Message ----- 
From: "Víctor Torres - UPF" <victor.torres@upf.edu>
To: <users@tomcat.apache.org>
Sent: Tuesday, October 24, 2006 9:14 AM
Subject: problem with truststoreFile in server.xml


> Dear all,
> 
> I have configured my Tomcat 5.5.17 to require SSL client authentication. For 
> this purpose, I have stored my root CA certificate into a PKCS12 keystore 
> which I use as truststoreFile by configuring server.xml. This CA certificate 
> is used to sign user certificates that I want to be trusted.
> 
> The problem I have is the following:
> - truststoreFile (PKCS12) contains root CA certificate + private key -> 
> everything works perfectly.
> - truststoreFile (PKCS12) contains root CA certificate -> clients cannot 
> connect.
> 
> truststoreFile should not contain private keys, so why does Tomcat behave in 
> this way?
> 
> Thanks in advance.