tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Morris Jones <m...@whiteoaks.com>
Subject Re: Self-Signed Certificate for Tomcat JVM and CAS
Date Wed, 15 Aug 2007 14:47:51 GMT
Sorry I hadn't seen your message earlier when you posted it.  But you 
should create the keystore with a keystore password.  Did you do that?

Cheers,
Mojo

Lisa Tan wrote:
> After following the docs to generate self-signed pkcs12 key, I  failed to import the
key/certificate into my application with No password given for keystore, integrity will not
be verified. What does the reason cause this error?
> 
> I read some docs which ask to create an empty Java keystore and convert PEM formatted
key to PKCS8 format. Why do I need to create an empty keystore?
> 
> Thanks,
> 
> Lisa
> 
> ---- Original message ----
>> Date: Fri, 10 Aug 2007 18:25:56 -0700
>> From: "Bill Barker" <wbarker@wilshire.com>  
>> Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS  
>> To: users@tomcat.apache.org
>>
>>
>> "Lisa Tan" <ag5087@wayne.edu> wrote in message 
>> news:007901c7db53$66fe7870$d804d98d@cit.wayne.edu...
>>> I don't know if this is a right list to ask this question. I tried to
>>> configure shibboleth which uses Tomcat with CAS authentication. I received
>>> an error: Unable to validate ProxyTicketValidator
>>>
>>>
>>>
>>> I did google search on this topic and understood the reason causing this
>>> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since 
>>> I
>>> am still in the testing stage, I can't get a CA certificate but the
>>> self-signed certificate.
>>>
>>>
>>>
>>> If my understanding is correct, the self signed certificate via openssl
>>> doesn't have jks format but Tomcat JVM only accept jks format certificate.
>>>
>> If you had read the friendly manual at 
>> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that 
>> this isn't true :).  While it talks about the keystore, the truststore works 
>> the same way.  So use openssl to create a pkcs12 file, specify this as the 
>> truststore, in whatever way you need to do from the CAS docs, and you should 
>> be good to go.
>>>
>>> I am just wondering if any one can give me some instruction how to create 
>>> a
>>> self-signed certificate and private key which can be used or imported to
>>> both Tomcat JVM and CAS server.
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Lisa
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


-- 
Morris Jones
Monrovia, CA
http://www.whiteoaks.com
Old Town Astronomers http://www.otastro.org

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message