tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Problems with SSL-enabled Tomcat 5.5
Date Fri, 31 Aug 2007 16:58:29 GMT
I think what is happening in your case is that the SSL handshake fails, 
not even sure if debug turned on would show it. (depending on what 
connector you are running)

try removing the keyAlias (if you have it set) to let java decide on 
what cert in the keystore to use

Filip

Werner Schalk wrote:
> Hello,
>
> interestingly it did not work for me in the end. Basically I can 
> import the certificate and the private key to rebuild
> the original keystore using AgentBob's Java code. Fine. Then when 
> restarting Tomcat it does not complain anymore and everything appears
> to be fine (Tomcat says something like "Server started" and no error 
> messages whatsoever). However when
> connecting to the SSL-enabled site, there is no error message coming 
> up, but any browser (IE, Firefox, Konqueror)
> fail to connect to the site saying that the certificate is invalid or 
> corrupted (although one can still imspect it in
> the cert properties of the respective browser). Any ideas on how to 
> debug this problem? Tomcat appears to be
> okay with the cert and the keystore but SSL is still not working?
>
> @Christian: Did you have the same problem in the end or did it all 
> work for you?
>
> Bye,
> Werner
>
> ----- Original Message ----- From: "Filip Hanik - Dev Lists" 
> <devlists@hanik.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Friday, August 31, 2007 4:27 PM
> Subject: Re: Problems with SSL-enabled Tomcat 5.5
>
>
>> you need the private key in order to run SSL, but you can import the 
>> private key, so ask the folks from your company for the private key, 
>> here is the info how you import it,
>> someone else posted it this week
>> http://www.agentbob.info/agentbob/79.html
>>
>> Filip
>>
>> bajistaman wrote:
>>> I'm having the same problem. Some people from my company created the
>>> Certificate Signing Request and the only thing that I've received 
>>> was an
>>> email with the certificate, then I tried to install it and I had the 
>>> same
>>> problems that Werner has. Do I have to do all over again from Tomcat 
>>> from
>>> the private key, CSR, ...?
>>>
>>> Thanks,
>>>
>>> Johann
>>>
>>> #Generate a private key
>>> keytool -storepass changeit -genkey -alias tomcat -keyalg RSA
>>>
>>> #Generate the Certificate Signing Request (CSR)
>>> keytool -storepass changeit -certreq -alias tomcat -file name.csr
>>> #Send the CSR to get a certificate
>>>
>>> #Import the intermediate cert
>>> keytool -storepass changeit -import -alias intermediateCA -trustcacerts
>>> -file intermediateCA.cer
>>>
>>> #Import the cert
>>> keytool -storepass changeit -import -alias tomcat -trustcacerts -file
>>> name.cer
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org 
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message