tomcat-users mailing list archives

From jairaj kamal <jairaj.ka...@gmail.com>
Subject Re: Issue while Configuring SSL in tomcat6
Date Tue, 05 May 2015 00:35:00 GMT
Hello, when I checked with the command below, I found that my keystore was
created with type "JKS", and we are using the tool "Keytool". Initially we
received 2 certificates, "TestRoot.cer" & "Test.cer"; when we found things not
working, we are now trying to import certs of PKCS#12 format (.pfk) via Keytool.


#Testing Keystore type

D:\Program Files (x86)\Java\jdk1.6.0_27\bin>keytool -list -v -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN


#Earlier tried steps:

keytool -genkey -alias report2web -keyalg RSA -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore

keytool -certreq -keyalg RSA -alias report2web -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.csr -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore

keytool -import -alias root -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -trustcacerts -file C:\Users\svcr2wadmin\nedr2wqajob1\TestRoot.cer

keytool -import -alias nedr2wqajob1 -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.cer

Then we also did the below:

keytool -import -alias nedr2wjob1_non_prod_p7b -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.pfx


# But below is the error that comes while importing the latest .pfx certificate shared

D:\Program Files (x86)\Java\jdk1.6.0_27\bin>keytool -import -alias nedr2wjob1QAJob1 -keystore C:\Users\svcr2wadmin\nedr2wqajob1\Test.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\Test.pfx
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate

#Certificate status as observed in the browser

1. nedr2wqajob1 is the alias name of certificate Test.cer - It shows for
non Root certificate as "Your connection to nedr2wqajob1 is encrypted
with obsolete cryptography, The connections uses TLS 1.0. The connection
uses AES_128_CBC with SHA1 for message authentication and DHE_RSA as the
key exchange mechanism."



2. Error message showing in chrome browser as below

“This CA Root certificate is not trusted because it is not in the
Trusted Root Certification Authorities store.”



Let me know what to do to resolve this?

Jairaj Kamal


On Mon, May 4, 2015 at 6:51 PM, Christopher Schultz <chris@christopherschultz.net> wrote:

> Jairaj,
>
> On 5/4/15 5:35 PM, jairaj kamal wrote:
> > Attached find the error coming in browser, looks to be issue with
> > Root certificate.
>
> This list strips attachments. Please copy/paste any messages into the
> text of your post.
>
> > Also we tried PKCS#12 format certs but getting below Error
>
> The keystore format won't change what gets sent to the client.
>
> > D:\Program Files (x86)\Java\jdk1.6.0_27\bin>keytool -import -alias nedr2wjob1_non_prod_p7b -keystore C:\Users\svcr2wadmin\nedr2wqajob1\QA_Job1_report2web.keystore -file C:\Users\svcr2wadmin\nedr2wqajob1\nedr2wjob1_non_prod.p7b
> > Enter keystore password:
> > keytool error: java.lang.Exception: Input not an X.509 certificate
>
> If you really have a PKCS12 keystore, then you'll need to specify the
> keystore type on the command-line.
>
> -chris
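The files handed to keytool in this thread (.cer, .p7b, .pfx) and the JKS keystore itself are four different containers. The following is an added example, not code from the thread or from Tomcat: it guesses which container a file is from its outer ASN.1 structure, so the format is known before a keytool command is chosen. Function names are hypothetical, the sample byte strings are constructed headers rather than real certificates, and v1 certificates (no explicit version field) are reported as unknown.

```python
import base64
import re

# Added example; helper names are hypothetical and the samples are constructed.
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
JKS_MAGIC = b"\xfe\xed\xfe\xed"                         # first 4 bytes of a JKS file

def _tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, pos + 2, pos + 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    size = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, pos + 2 + n, pos + 2 + n + size

def _to_der(data):
    """Decode PEM armor if present; otherwise treat the bytes as DER."""
    m = re.search(rb"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data

def classify(data):
    """Guess the file type from the outer ASN.1 structure only (a heuristic)."""
    if data[:4] == JKS_MAGIC:
        return "jks"
    try:
        der = _to_der(data)
        tag, start, _ = _tlv(der, 0)
        if tag != 0x30:
            return "unknown"
        inner, istart, iend = _tlv(der, start)
        if inner == 0x02 and der[istart:iend] == b"\x03":
            return "pkcs12"                # PFX ::= SEQUENCE { version 3, ... }
        if inner == 0x06 and der[istart:iend] == SIGNED_DATA_OID:
            return "pkcs7"                 # ContentInfo carrying signedData (.p7b)
        if inner == 0x30 and _tlv(der, istart)[0] == 0xA0:
            return "x509"                  # tbsCertificate with explicit version
    except (IndexError, ValueError):
        pass
    return "unknown"

SAMPLE_PFX = bytes.fromhex("3082050002010330")              # constructed header
SAMPLE_P7B = bytes.fromhex("3082030006092a864886f70d010702a0")
SAMPLE_CER = bytes.fromhex("3082030030820200a003020102")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_PFX", "SAMPLE_P7B", "SAMPLE_CER", "SAMPLE_PEM"):
        print(name, "->", classify(globals()[name]))
```

A file reported as `pkcs12` is a keystore rather than a certificate, which is the case where the keystore type has to be given on the keytool command line.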