tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: SSL Configuration Errors
Date Fri, 06 Jan 2012 22:20:12 GMT

Justin,

On 1/6/12 2:56 PM, Justin Larose wrote:
> This Tomcat environment was set up long before I worked here, so I
> am just upgrading from an older version to 7.0.23 and trying to not
> use a self-signed certificate.

It's important for you to know if your app actually requires client
authentication. Since your <Connector> says clientAuth="true", it
means that all clients must present a valid certificate in order to
connect.

> I can get the sample-ssl.jks to work with the below connector port 
> information. But when I edit the connector ports to add the new 
> "wcmdev-ssl.jks" and imported Certificate(s) I received from the
> CSR I get the error, "java.io.IOException: Alias name tomcat does
> not identify a key entry"

What do you get if you run this command:

$ keytool -list -keystore conf/sample-ssl.jks

> Weird because it is an alias. Is it looking for tomcat as the
> actual entry name or alias?

Your certificate needs to have the alias "tomcat".

> It seems like it is not reading the keystore properly. Should I
> just create a new CSR from the sample-ssl.jks keystore?

That shouldn't be necessary. You may have to re-import your
certificate, though.

-chris
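
Added example, not part of the message above and not Tomcat project code: the quoted error appears when the keystore has no private-key entry under the configured alias, and this script reads `keytool -list` output to report which kind of entry an alias holds. The function names and the sample listing are constructed for illustration, and the parsing assumes keytool's default short listing format.

```shell
#!/bin/sh
# Added example: report what kind of entry a keystore alias holds.

# entry_type ALIAS: reads `keytool -list` output on stdin and prints the
# entry type listed for ALIAS, or "missing" if the alias is not present.
entry_type() {
    awk -v want="$1" '
        # Entry lines look like:  alias, <date>, PrivateKeyEntry,
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$/ {
            alias = $0; sub(/, .*/, "", alias)   # text before the first ", "
            type = $0;  sub(/, *$/, "", type)    # drop the trailing comma
            sub(/.*, /, "", type)                # keep the last field
            # JKS aliases are case-insensitive, so compare in lower case.
            if (tolower(alias) == tolower(want)) { print type; found = 1; exit }
        }
        END { if (!found) print "missing" }
    '
}

# check_connector_alias ALIAS: returns 0 only for a private-key entry.
check_connector_alias() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry)  echo "$1: PrivateKeyEntry (key pair present)"; return 0 ;;
        trustedCertEntry) echo "$1: trustedCertEntry (certificate only, no private key)"; return 1 ;;
        *)                echo "$1: $t"; return 2 ;;
    esac
}

# Constructed sample listing; $1 sets the entry type shown for "tomcat".
sample_listing() {
    cat <<EOF
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Jan 6, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
tomcat, Jan 6, 2012, $1,
Certificate fingerprint (SHA1): <constructed placeholder>
EOF
}

# Demo on the constructed listings. Against a real keystore:
#   keytool -list -keystore conf/sample-ssl.jks | check_connector_alias tomcat
sample_listing PrivateKeyEntry | check_connector_alias tomcat
sample_listing trustedCertEntry | check_connector_alias tomcat || echo "exit status: $?"
```

A `trustedCertEntry` result means the certificate was imported into a keystore, or under an alias, that does not hold the private key generated for the CSR.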
