tomcat-users mailing list archives

From "Lisa Tan" <ag5...@wayne.edu>
Subject RE: Self-Signed Certificate for Tomcat JVM and CAS
Date Wed, 15 Aug 2007 18:32:42 GMT
I wish you would read this email earlier. I thought if I use the default
password (changeit), I don't need to have -storepass parameter. This morning
I re-read extkeytool example and tried to put the storepass parameter and it
works. After I imported my self-signed cert to JVM truststore, CAS client
can trust CAS server.

Thank all of you for providing me all the valuable links and information.

Lisa
-----Original Message-----
From: Morris Jones [mailto:mojo@whiteoaks.com] 
Sent: Wednesday, August 15, 2007 10:48 AM
To: Tomcat Users List; ag5087@wayne.edu
Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS

Sorry I hadn't seen your message earlier when you posted it.  But you 
should create the keystore with a keystore password.  Did you do that?

Cheers,
Mojo

Lisa Tan wrote:
> After following the docs to generate self-signed pkcs12 key, I failed to
> import the key/certificate into my application with No password given for
> keystore, integrity will not be verified. What does the reason cause this
> error?
> 
> I read some docs which ask to create an empty Java keystore and convert
> PEM formatted key to PKCS8 format. Why do I need to create an empty
> keystore?
> 
> Thanks,
> 
> Lisa
> 
> ---- Original message ----
>> Date: Fri, 10 Aug 2007 18:25:56 -0700
>> From: "Bill Barker" <wbarker@wilshire.com>  
>> Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS  
>> To: users@tomcat.apache.org
>>
>>
>> "Lisa Tan" <ag5087@wayne.edu> wrote in message 
>> news:007901c7db53$66fe7870$d804d98d@cit.wayne.edu...
>>> I don't know if this is a right list to ask this question. I tried to
>>> configure shibboleth which uses Tomcat with CAS authentication. I received
>>> an error: Unable to validate ProxyTicketValidator
>>>
>>> I did google search on this topic and understood the reason causing this
>>> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since I
>>> am still in the testing stage, I can't get a CA certificate but the
>>> self-signed certificate.
>>>
>>> If my understanding is correct, the self signed certificate via openssl
>>> doesn't have jks format but Tomcat JVM only accept jks format certificate.
>>>
>> If you had read the friendly manual at
>> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that
>> this isn't true :).  While it talks about the keystore, the truststore works
>> the same way.  So use openssl to create a pkcs12 file, specify this as the
>> truststore, in whatever way you need to do from the CAS docs, and you should
>> be good to go.
>>>
>>> I am just wondering if any one can give me some instruction how to create a
>>> self-signed certificate and private key which can be used or imported to
>>> both Tomcat JVM and CAS server.
>>>
>>> Thanks,
>>>
>>> Lisa
>>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>


-- 
Morris Jones
Monrovia, CA
http://www.whiteoaks.com
Old Town Astronomers http://www.otastro.org
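
The fix reported at the top of this thread (passing -storepass when importing the self-signed certificate into the truststore), as an added example that is not part of the original messages. The host name, alias, file names and password are constructed, and it assumes openssl and keytool are installed and uses a dedicated PKCS12 truststore instead of the JRE default one.

```shell
#!/bin/sh
# Added example (not from the thread): create a throwaway self-signed
# certificate, import it into a truststore with an explicit -storepass,
# then read the entry back and confirm it is the certificate just created.

CN="cas.example.test"       # constructed host name for the test CAS server
ALIAS="cas-test"            # hypothetical truststore alias
STOREPASS="changeit-test"   # constructed, test-only password

# SHA-256 fingerprint of a PEM certificate read from stdin.
fp() { openssl x509 -noout -fingerprint -sha256; }

trust_selfsigned() {
    dir=$1
    # 1. Self-signed certificate and key, valid 30 days (testing only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$CN" \
        -keyout "$dir/cas.key" -out "$dir/cas.crt" 2>/dev/null || return 1

    # 2. Fingerprint of the certificate that is about to be trusted.
    want=$(fp < "$dir/cas.crt") || return 1

    # 3. Import as a trusted entry. The password is given explicitly so
    #    the store is integrity-protected from the moment it is created.
    keytool -importcert -noprompt -alias "$ALIAS" -file "$dir/cas.crt" \
        -keystore "$dir/truststore.p12" -storetype PKCS12 \
        -storepass "$STOREPASS" >/dev/null 2>&1 || return 1

    # 4. Export the stored entry and compare fingerprints, so the JVM ends
    #    up trusting exactly this certificate and nothing else.
    got=$(keytool -exportcert -rfc -alias "$ALIAS" \
        -keystore "$dir/truststore.p12" -storetype PKCS12 \
        -storepass "$STOREPASS" 2>/dev/null | fp) || return 1

    [ "$want" = "$got" ] || return 1
    printf '%s\n' "$got"
}

# Usage: d=$(mktemp -d) && trust_selfsigned "$d"
# Then start the JVM that runs the CAS client with:
#   -Djavax.net.ssl.trustStore=$d/truststore.p12
#   -Djavax.net.ssl.trustStoreType=PKCS12
#   -Djavax.net.ssl.trustStorePassword=<the store password>
# Setting javax.net.ssl.trustStore replaces the default CA bundle for
# that JVM, so public CAs needed by the application must be added too.
```
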
