Update: I did a "keytool -list" with the "-rfc" option and discovered that
all the certs *are* in fact there, but just that the public/private keys were
bundled together under the same alias. The way it lists the certs by
default is what confused me.
HOWEVER, I uploaded the keystore to our server, set up server.xml, and
restarted Tomcat, but every single secure connection I attempt just times
out. I don't understand why this happens.
Here's my server.xml SSL connector:
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true"
               compression="on">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" keystorePass="changeit"
               keystoreFile="conf/.keystore"/>
    </Connector>
Btw, does anybody know how to secure the server.xml file? It contains some
clear text passwords, so this really concerns me! (Yes, I know "changeit" is
the default password even without specifying it here).
Also, I don't currently have any <security-constraint>s set in my web.xml.
Thanks for any insights!
Sonny
>From: "Sonny Sukumar" <ahimsadesi@(protected)>
>Reply-To: ssukumar@(protected)
>To: tomcat-user@(protected)
>Subject: Re: [HELP!] Which key alias names to use for SSL?
>Date: Sat, 11 Oct 2003 14:12:17 -0700
>
>
>Hi Adam,
>
>Your first step was:
>># keytool -genkey -alias tomcat -keyalg RSA
>
>and your last step was:
>># keytool -import -trustcacerts -file public.crt -alias tomcat
>
>So you used the same alias ("tomcat") for both the private key and the
>signed public key. This is what doesn't work for me, because when I import
>the signed public key using the same ("tomcat") alias, my private key gets
>overwritten. I've verified this using "keytool -list -keystore ./.keystore"
>
>I also have the root cert from GeoTrust in there with alias "root". The
>root cert is actually an Equifax cert valid from 1998 to 2018, but the
>GeoTrust tech support rep told me to use that one. Could this be the
>problem?
>
>Other ideas?
>
>Thanks,
>
>Sonny
>
>>From: Adam Hardy <ahardy.struts@(protected)>
>
>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>
>>>[I sent this once before, but got no response, and I'm not sure what to
>>>do. Thanks in advance.]
>>>
>>>Hi guys,
>>>
>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got a
>>>CA-signed cert to go with my private key and CA root cert, but I'm
>>>confused as to how to name the alias for the CA-signed-cert and my
>>>private key.
>>>
>>>The Tomcat SSL How-To is confusing me, because it says to give the
>>>"tomcat" alias to both the private key and the CA-signed key. I tried it
>>>and it overwrote my private key (luckily I made a backup of my keystore).
>>>
>>>I'm looking at this documentation:
>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>>
>>>It also doesn't seem possible to configure the alias names in server.xml.
>>> So what alias names should I use? :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
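
An added example, not part of the original thread: a check over "keytool -list -v" output that tells whether an alias still holds the private key with the CA-signed certificate bundled into the same entry, which is the situation the update at the top of this message describes. The sample listing is constructed, and the function names are hypothetical.

```python
# Added example: names and the sample listing below are constructed.
SAMPLE = """\
Alias name: tomcat
Creation date: Oct 11, 2003
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, O=Example Inc, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US

Alias name: root
Creation date: Oct 11, 2003
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
"""

def parse_entries(text):
    """Map alias -> {'type': entry type, 'chain': [[owner, issuer], ...]}."""
    entries, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank lines, separators and "Certificate[n]:" headers
        if key == "Alias name":
            current = entries.setdefault(value, {"type": None, "chain": []})
        elif current is None:
            continue
        elif key == "Entry type":
            current["type"] = value
        elif key == "Owner":
            current["chain"].append([value, None])
        elif key == "Issuer" and current["chain"]:
            current["chain"][-1][1] = value
    return entries

def diagnose(entries, alias="tomcat"):
    """Classify one alias: is the private key there, and is its cert CA-signed?"""
    entry = entries.get(alias)
    if entry is None:
        return "missing"
    # Older JDKs label a private key entry "keyEntry".
    if entry["type"] not in ("PrivateKeyEntry", "keyEntry"):
        return "no-private-key"
    if not entry["chain"]:
        return "no-certificate"
    owner, issuer = entry["chain"][0]
    return "self-signed" if owner == issuer else "ca-signed"
```

A result of "ca-signed" means the private key entry survived the import and the signed certificate replaced the self-signed one in its chain; "no-private-key" means the alias holds only a trusted certificate.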