Java Mailing List Archive

http://www.junlu.com/


Re: [HELP!] Which key alias names to use for SSL?

Sonny Sukumar

2003-10-11

2nd Update:

--I reconfigured the SSL port from 8443 to 443 on our server (as well as the
redirect port), and all of a sudden I can connect using SSL. I don't
understand why 8443 didn't work. Any ideas??

--Now when I request static HTML pages, I get a browser alert saying that
some of the info on the requested page is NOT encrypted, so it displays a
lock broken in half instead of the golden lock I so desire. :-( I can't
understand how a page would get partially encrypted--especially a static
HTML page.

I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in
conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3).

Sonny

>From: "Sonny Sukumar" <ahimsadesi@(protected)>
>
>
>Update: I did a "keytool -list" with the "-rfc" option and discovered that
>all the certs *are* in fact there, but just that the public/private keys were
>bundled together under the same alias. The way it lists the certs by
>default is what confused me.
>
>HOWEVER, I uploaded the keystore to our server, set up server.xml, and
>restarted Tomcat, but every single secure connection I attempt just times
>out. I don't understand why this happens.
>
>Here's my server.xml SSL connector:
>
>  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>             port="8443" minProcessors="5" maxProcessors="75"
>             enableLookups="true"
>             acceptCount="100" debug="0" scheme="https" secure="true"
>             useURIValidationHack="false" disableUploadTimeout="true"
>             compression="on">
>    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>             clientAuth="false" protocol="TLS" keystorePass="changeit"
>             keystoreFile="conf/.keystore"/>
>  </Connector>
>
>Btw, does anybody know how to secure the server.xml file? It contains some
>clear text passwords, so this really concerns me! (Yes, I know "changeit"
>is the default password even without specifying it here).
>
>Also, I don't currently have any <security-constraint>s set in my web.xml.
>
>Thanks for any insights!
>
>Sonny
>
>>From: "Sonny Sukumar" <ahimsadesi@(protected)>
>>Reply-To: ssukumar@(protected)
>>To: tomcat-user@(protected)
>>Subject: Re: [HELP!] Which key alias names to use for SSL?
>>Date: Sat, 11 Oct 2003 14:12:17 -0700
>>
>>
>>Hi Adam,
>>
>>Your first step was:
>>># keytool -genkey -alias tomcat -keyalg RSA
>>
>>and your last step was:
>>># keytool -import -trustcacerts -file public.crt -alias tomcat
>>
>>So you used the same alias ("tomcat") for both the private key and the
>>signed public key. This is what doesn't work for me, because when I
>>import the signed public key using the same ("tomcat") alias, my private
>>key gets overwritten. I've verified this using "keytool -list -keystore
>>./.keystore".
>>
>>I also have the root cert from GeoTrust in there with alias "root". The
>>root cert is actually an Equifax cert valid from 1998 to 2018, but the
>>GeoTrust tech support rep told me to use that one. Could this be the
>>problem?
>>
>>Other ideas?
>>
>>Thanks,
>>
>>Sonny
>>
>>>From: Adam Hardy <ahardy.struts@(protected)>
>>
>>>On 10/11/2003 09:08 PM Sonny Sukumar wrote:
>>>>
>>>>[I sent this once before, but got no response, and I'm not sure what to
>>>>do. Thanks in advance.]
>>>>
>>>>Hi guys,
>>>>
>>>>I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got a
>>>>CA-signed cert to go with my private key and CA root cert, but I'm
>>>>confused as to how to name the alias for the CA-signed-cert and my
>>>>private key.
>>>>
>>>>The Tomcat SSL How-To is confusing me, because it says to give the
>>>>"tomcat" alias to both the private key and the CA-signed key. I tried
>>>>it and it overwrote my private key (luckily I made a backup of my
>>>>keystore).
>>>>
>>>>I'm looking at this documentation:
>>>>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
>>>>
>>>>It also doesn't seem possible to configure the alias names in
>>>>server.xml. So what alias names should I use? :-)
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)

