tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marko Sacher <marko_s...@web.de>
Subject Re: certificate problem in firefox 3.05
Date Wed, 11 Feb 2009 15:15:55 GMT
It is working now!
The first problem seems to be that FF3 has a problem with DSA signature: 
https://bugzilla.mozilla.org/show_bug.cgi?id=452712
The second problem was that my installed Java JRE had a keytool which was not 
able to combine the option -keyalg RSA and -sigalg SHA1withRSA correctly. It
generated a key but my CA Startcom said MD5 is no valid algorithm. After an
update from JRE 1.5.0.16 to 1.6.0.7 and running the keytool with the following
commands it is finally working now:

1. keytool -genkey -alias some-time -dname "cn=Marko Sacher, ou=some-time, 
o=some-time, l=Essen, s=Nordrhein-Westfalen, 
c=DE" -keystore .keystore -validity 365 -keyalg RSA -sigalg 
SHA1withRSA -keysize 2048
2. keytool -certreq -alias some-time -file 
ns.some-time.de.csr -keystore ./.keystore
3. keytool -import -file ca.crt -alias startcom.ca -keystore .keystore
4. keytool -import -alias startcom.ca.sub -file 
sub.class2.server.ca.crt -keystore .keystore
5. keytool -import -alias some-time -file 
ns.some-time.de.signed.crt -keystore .keystore

Important: alias in command 5 has to be equal to alias in command 1!!!

The problem is solved for me but I think it is still a good idea to make FF3
accept the certificates I posted before with DSA signature.
> Marko,
>
> On 2/11/2009 3:54 AM, Marko Sacher wrote:
> > I think I have the following problem:
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=441321
> >
> > I made a report there.
>
> Excellent. Please followup with them (there's already a question about
> your setup from Kaspar Brand.
>
> If/when you find a solution, please post back to the list.
>
> Good luck,
> -chris
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message