tomcat-users mailing list archives

From Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com>
Subject Re: Error configuring tomcat with ssl certificates
Date Wed, 06 Mar 2013 10:00:47 GMT
Siddhi,

On 6.3.2013 10:41, Siddhi Borkar wrote:
> The certificate that I am using is RSA based certificate, I tried listing the RSA based
> ciphers in the server.xml, however it still gave me the same error.
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true" keystoreFile="/tmp/.keystore"
>            keystorePass="changeit" enableLookups="false"
>            ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
>            clientAuth="false" sslProtocol="TLS" />
>
> Any idea what else could be going wrong?

You didn't import your private key into the Java keystore.

Use openssl to create a PKCS#12 keystore containing your private key 
(prvkey.key), your certificate (sslcert.crt) and certificate chain 
(cacert.pem).

Then, import the PKCS#12 keystore into the Java keystore using keytool.

Verify Java keystore with:

   keytool -list -keystore /tmp/.keystore -v

You should see one PrivateKeyEntry, with a certificate chain to a trusted CA.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
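
The three steps from the reply above, written out as an added example that is not part of the original message. The alias `tomcat`, the intermediate file `keystore.p12`, the minimum chain length of 2 and the two sample listings are assumptions constructed for illustration; the check expects keytool's English output.

```shell
#!/bin/sh
# Added example. File names and /tmp/.keystore come from the thread;
# the alias "tomcat" and keystore.p12 are assumed names.

# Step 1: bundle key, certificate and CA chain (openssl prompts for an export password).
build_p12() {
    openssl pkcs12 -export -inkey prvkey.key -in sslcert.crt \
        -certfile cacert.pem -name tomcat -out keystore.p12
}

# Step 2: copy that entry into the Java keystore (keytool prompts for both passwords).
import_p12() {
    keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \
        -destkeystore /tmp/.keystore -srcalias tomcat -destalias tomcat
}

# Step 3: read `keytool -list -v` output on stdin; succeed only if some
# PrivateKeyEntry carries a chain of at least $1 certificates (default 2).
has_private_key_chain() {
    awk -v min="${1:-2}" '
        /^Entry type:/               { is_key = ($3 == "PrivateKeyEntry") }
        /^Certificate chain length:/ { if (is_key && $4 + 0 >= min) ok = 1 }
        END                          { exit !ok }'
}

verify_keystore() {
    keytool -list -keystore /tmp/.keystore -v | has_private_key_chain 2
}

# Constructed listing: only the certificate was imported, no private key.
sample_cert_only() { cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=www.example.com
EOF
}

# Constructed listing: private key plus server and CA certificates.
sample_key_with_chain() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com
Certificate[2]:
Owner: CN=Example CA
EOF
}

# Run as "sh script.sh convert" to perform all three steps.
case "${1:-}" in
    convert) build_p12 && import_p12 && verify_keystore && echo "keystore OK" ;;
esac
```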

