tomcat-users mailing list archives

From Siddhi Borkar <siddhi_bor...@persistent.co.in>
Subject RE: Error configuring tomcat with ssl certificates
Date Wed, 06 Mar 2013 11:58:35 GMT
Thanks a lot Ognjen, The solution you provided worked very well. 

-----Original Message-----
From: Ognjen Blagojevic [mailto:ognjen.d.blagojevic@gmail.com] 
Sent: Wednesday, March 06, 2013 3:31 PM
To: Tomcat Users List
Subject: Re: Error configuring tomcat with ssl certificates

Siddhi,

On 6.3.2013 10:41, Siddhi Borkar wrote:
> The certificate that I am using is RSA based certificate, I tried listing the RSA based
> ciphers in the server the xml, however it still gave me the same error.
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            keystoreFile="/tmp/.keystore" keystorePass="changeit"
>            enableLookups="false"
>            ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
>            clientAuth="false" sslProtocol="TLS" />
>
> Any idea what else could be going wrong?

You didn't import your private key into Java keystore.

Use openssl to create PKCS#12 keystore containing your private key (prvkey.key), your certificate
(sslcert.crt) and certificate chain (cacert.pem).

Then, import PKCS#12 keystore to Java keystore using keytool.

Verify Java keystore with:

   keytool -list -keystore /tmp/.keystore -v

You should see one PrivateKeyEntry, with certificate chain to trusted CA.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
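
The three steps from the reply above (build a PKCS#12 keystore with openssl, import it with keytool, check for a PrivateKeyEntry), written out as an added example that is not part of the original thread. The file names and the password `changeit` come from the thread; the alias `tomcat`, the intermediate file `keystore.p12` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Alias and keystore.p12 are assumptions.
PASS=changeit
ALIAS=tomcat

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout) &&
    c=$(openssl x509 -in "$2" -noout -pubkey) &&
    [ "$k" = "$c" ]
}

# Step 1: bundle key, certificate and CA chain into a PKCS#12 keystore.
build_p12() {          # $1 = key, $2 = cert, $3 = chain, $4 = output .p12
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name "$ALIAS" -out "$4" -passout "pass:$PASS"
}

# Step 2: import the PKCS#12 keystore into a Java keystore.
import_to_jks() {      # $1 = .p12, $2 = Java keystore
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$PASS" \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$PASS"
}

# Step 3: count PrivateKeyEntry items; 0 means the private key was not imported.
count_private_key_entries() {   # $1 = Java keystore
    keytool -list -v -keystore "$1" -storepass "$PASS" |
        grep -c 'PrivateKeyEntry' || true
}

# Constructed throwaway CA and server certificate, for trying the steps offline.
make_constructed_inputs() {     # $1 = directory to fill
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" -keyout ca.key -out cacert.pem &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" -keyout prvkey.key -out srv.csr &&
      openssl x509 -req -in srv.csr -CA cacert.pem -CAkey ca.key -CAcreateserial -days 1 -out sslcert.crt ) 2>/dev/null
}
```

With real files, call `build_p12 prvkey.key sslcert.crt cacert.pem keystore.p12`, then `import_to_jks keystore.p12 /tmp/.keystore`; `count_private_key_entries /tmp/.keystore` should print 1.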

