tomcat-users mailing list archives

From Tom Anthony <wadie...@gmail.com>
Subject GlobalSign certificates install on Tomcat 7
Date Wed, 05 Sep 2012 13:30:22 GMT
Hi, 

I would like to install GlobalSign certificates on my Tomcat server.

I am running Tomcat 7 on Linux.

I did the following: (on the server)

1) received 4 files from GlobalSign:
* globalsign.root.pem 
* globalsign.intermediate.pem 
* abccompany.secure 
* abccompany.pem 

2) created a chain certificate: 
cat globalsign.root.pem globalsign.intermediate.pem > chain.pem 

3) keytool -import -alias root -keystore tomcat-keystore.jks -trustcacerts -file chain.pem

4) keytool -import -alias tomcat -keystore tomcat-keystore.jks -trustcacerts -file abccompany.pem

5) configured %CATALINA_HOME%/server.xml as follows: 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true"
           maxThreads="200" scheme="https" secure="true"
           keystoreFile="/home/certs/tomcat-keystore.jks"
           keystoreType="JKS" keystorePass="xxx"
           truststoreFile="/home/certs/tomcat-keystore.jks"
           truststoreType="JKS" truststorePass="xxx"
           SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
           clientAuth="false" sslProtocol="TLS" />

6) opened the following address in Firefox: https://myserver.com:8443
It asked whether I would like to accept the certificate and I clicked yes.
The Tomcat page appeared.

(on the client running on Windows XP) 
1) converted the abccompany.pem to abccompany.p12 using openssl 
openssl pkcs12 -export -in abccompany.pem -inkey abccompany.secure -certfile chain.pem -name tomcatcert -out client.p12

2) added the following to my java client class 
String certificateFilePath= "C:\\JavaClient\\certs\\client.p12"; 
String certificatePassword = "xxx"; 
System.setProperty("javax.net.ssl.trustStore", certificateFilePath); 
System.setProperty("javax.net.ssl.trustStorePassword", certificatePassword); 

When running the client I get the following error: 

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:116)
        at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
        at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:557)
        at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
        at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400)
        at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:438)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)


My questions are: 
a) Is the server configuration correct?
b) Is the generation of the client p12 certificate correct?
c) Any idea why I am getting this error when running the client? What am I missing here?

Your help would be greatly appreciated!


--
View this message in context: http://tomcat.10.n6.nabble.com/GlobalSign-certificates-install-on-Tomcat-7-tp4986317.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
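
Added example, not part of the original post: a Java client that loads its client-certificate store (PKCS12, holding the private key) and its CA trust store (JKS) as two separate stores with explicit types, checks that each holds the kind of entry its role needs, and builds the SSLContext directly so that a store-loading failure is reported as its own exception rather than inside default-context construction. The class name, the two file arguments and the environment variable names are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

public class ExplicitTlsClientContext {   // hypothetical class name
    // Load a store with its type stated, so a wrong type or password fails here.
    static KeyStore load(String type, String file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Number of private-key entries; certificate-only entries do not count.
    static int keyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) n++;
        }
        return n;
    }

    static SSLContext build(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        if (keyEntries(identity) == 0)
            throw new IllegalStateException("identity store holds no private key");
        if (trust.size() == 0)
            throw new IllegalStateException("trust store holds no certificates");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);        // client certificate + private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);                    // CA certificates used to verify the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage (paths and variable names are assumptions): java ... <client.p12> <ca-trust.jks>
        char[] keyPass = System.getenv("CLIENT_P12_PASS").toCharArray();
        KeyStore identity = load("PKCS12", args[0], keyPass);
        KeyStore trust = load("JKS", args[1], System.getenv("TRUST_JKS_PASS").toCharArray());
        SSLContext.setDefault(build(identity, keyPass, trust)); // before any TLS socket is opened
        System.out.println(keyEntries(identity) + " key entries, " + trust.size() + " trusted entries");
    }
}
```

The same `keyEntries` check applies to a server keystore: a store filled only through `keytool -import` of certificate files contains trusted-certificate entries and reports zero key entries.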
