tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marko Sacher <>
Subject Re: certificate problem in firefox 3.05
Date Wed, 11 Feb 2009 15:15:55 GMT
It is working now!
The first problem seems to be that FF3 has a problem with DSA signature:
The second problem was that my installed Java JRE had a keytool which was not 
able to combine the option -keyalg RSA and -sigalg SHA1withRSA correctly. It
generated a key but my CA Startcom said MD5 is no valid algorithm. After an
update from JRE to and running the keytool with the following
commands it is finally working now:

1. keytool -genkey -alias some-time -dname "cn=Marko Sacher, ou=some-time, 
o=some-time, l=Essen, s=Nordrhein-Westfalen, 
c=DE" -keystore .keystore -validity 365 -keyalg RSA -sigalg 
SHA1withRSA -keysize 2048
2. keytool -certreq -alias some-time -file -keystore ./.keystore
3. keytool -import -file ca.crt -alias -keystore .keystore
4. keytool -import -alias -file -keystore .keystore
5. keytool -import -alias some-time -file -keystore .keystore

Important: alias in command 5 has to be equal to alias in command 1!!!

The problem is solved for me but I think it is still a good idea to make FF3
accept the certificates I posted before with DSA signature.
> Marko,
> On 2/11/2009 3:54 AM, Marko Sacher wrote:
> > I think I have the following problem:
> >
> >
> >
> > I made a report there.
> Excellent. Please followup with them (there's already a question about
> your setup from Kaspar Brand.
> If/when you find a solution, please post back to the list.
> Good luck,
> -chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message