tomcat-users mailing list archives

From Saravana Kumar <tuxku...@gmail.com>
Subject RE: Need help w/ installing certificate continued...
Date Thu, 16 Nov 2006 07:37:08 GMT
Andy Tipton wrote:

> I have done the following... (I am running Tomcat 5 on a Windows 2003
> Server)
> 
> - Recreated the .keystore many different times trying to get one to
>   work...
> - Tried different aliases with my domain crt (does the alias matter?)
> - Installed the crts in Windows and everything shows fine there when
>   viewing
> 
Does the .keystore file that you recreated have the same key you used to
generate the CSR? If not, you may have to start from the first step: generate
a fresh tomcat.key (tomcat alias) and a fresh CSR, and get a new cert.

>   the crt.
> - Set my config in the server.xml (I have tried SSL and TLS):
>       <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
>       <Connector port="443" maxHttpHeaderSize="8192"
>                address="192.168.1.190"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                keystoreFile="tomcat.keystore"
>                keystorePass="changeit"/>
You can try giving the full path to the keystoreFile="c:\..\tomcat.key" and
see if that works.

> - Imported the certificates into my keystore in the following order: root,
>   intermed, tomcat.
>       
> C:\Program Files\Java\jdk1.5.0_05\bin>keytool -list -keystore
> tomcat.keystore
> Enter keystore password:  changeit
> 
> 
> C:\Program Files\Java\jdk1.5.0_05\bin>
> 
> - When I installed the root crt it said that there was already a system
>   wide root crt installed, do I want to continue to import it into the
>   keystore and I said 'yes'.
> 
> - All I get is a 'Page cannot be displayed' when trying to access the
>   browser 'https:'
> 
> - If I create a keystore without importing the real crt, then it works,
>   but just says that the crt is not trusted.
> 
> What am I missing?  I can't get it to work...

Hope you have done all the steps as mentioned in my previous post.

Regds,
SK

> >  
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Saravana Kumar
> Sent: Wednesday, November 15, 2006 5:07 AM
> To: users@tomcat.apache.org
> Subject: Re: Need help w/ installing certificate continued...
> 
> Andy Tipton wrote:
> 
>> I have read all through the documentation and can't find what I am doing
>> wrong. The only thing that I didn't do was the importing of the
>> valicert_class2_root.crt file because I wasn't given one when I
>> downloaded my certificate.  I imported the real one after I imported the
>> intermediate crt.
> 
> Did you get any error during this step, i.e., importing intermediate crt
> after root?
> 
>> So now I have this:
>>  
>> C:\Program Files\Java\jdk1.5.0_05\bin>keytool -list -keystore .keystore
>> Enter keystore password:  changeit
>>  
>> Keystore type: jks
>> Keystore provider: SUN
>>  
>> Your keystore contains 2 entries
>>  
>> tomcat5, Nov 13, 2006, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 73:EA:94:A1:38:C8:9A:5D:65:44:7C:C7:65:A7:01:5F
>> intermed, Nov 13, 2006, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 7A:A5:BA:4F:BC:0A:C5:3C:56:E9:50:A0:13:6A:88:A9
>>  
>> C:\Program Files\Java\jdk1.5.0_05\bin>
>>  
>> Could it have to do with the alias?  I can't figure out what it could
>> be.
> 
> I am not sure of whether this could be the problem with alias.
> 
>> I just get a 'page cannot be displayed' when trying to access it.  I have
>> been reading, but can't find anywhere that really explains how the
>> keystore and certificate relate to each other. if the alias matters.
>>  
>> I really need some help here.
> Below are the steps I did on one of my Linux boxes (they must work on
> Windows too).
> 
> First I generated tomcat.key & CSR with:
> $ keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.key
> $ keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.key
> 
> Got the certs from our CA (files sf_issuing.crt & _mydomain.crt). Copied
> the CA's intermediate cert to valicert_class2_root.crt.
> 
> First import the CA's intermediate certificate to root, like this:
> $ keytool -import -alias root -keystore tomcat.key -trustcacerts -file valicert_class2_root.crt
> 
> Then import the issuing cert to intermed:
> $ keytool -import -alias intermed -keystore tomcat.key -trustcacerts -file sf_issuing.crt
> 
> Last is to import your domain's cert to the tomcat alias:
> $ keytool -import -alias tomcat -keystore tomcat.key -trustcacerts -file _mydomain.crt
> 
> The above steps worked perfectly for me. I just had to point to the correct
> key file in server.xml and https started working.
> 
> Let me know if that helped you out.
> 
> Regds,
> SK
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org



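The keystore listing quoted in the thread contains only `trustedCertEntry` entries, which is what the question about the key used for the CSR is getting at: the alias Tomcat serves from must hold the private key, with the CA's reply imported onto that same alias. The check below is an added example, not part of the original thread; the function names and both sample listings are constructed, and it assumes the `alias, date, type,` line layout that `keytool -list` prints in the thread.

```shell
#!/bin/sh
# Added example: classify entries in `keytool -list` output.
# Both listings are constructed; they assume the "alias, date, type," layout.

LISTING_CERTS_ONLY='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

tomcat5, Nov 13, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)
intermed, Nov 13, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)'

LISTING_WITH_KEY='Your keystore contains 3 entries

root, Nov 13, 2006, trustedCertEntry,
intermed, Nov 13, 2006, trustedCertEntry,
tomcat, Nov 13, 2006, keyEntry,'

# entry_type ALIAS: read a listing on stdin, print the entry type recorded
# for ALIAS, or "missing" when the alias is not in the keystore.
entry_type() {
    awk -v want="$1" '
        index($0, want ", ") == 1 {
            line = $0
            sub(/,[ \t]*$/, "", line)      # drop the trailing comma
            n = split(line, f, /, */)      # type is the last field
            print f[n]; found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# has_private_key ALIAS: succeed only if ALIAS holds a private key.
# JDK 5 prints "keyEntry"; later JDKs print "PrivateKeyEntry".
has_private_key() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

for alias in tomcat5 intermed; do
    if printf '%s\n' "$LISTING_CERTS_ONLY" | has_private_key "$alias"; then
        echo "$alias: private key present"
    else
        echo "$alias: certificate only, cannot be used as the server key"
    fi
done
```

Against a real keystore, pipe the output of `keytool -list -keystore <file>` into `has_private_key` with the alias the connector is meant to use.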