-none- 2007-08-15 - By Lisa Tan
Back
I wish you would read this email earlier. I thought if I use the default
password (changeit), I don't need to have -storepass parameter. This morning
I re-read extkeytool example and tried to put the storepass parameter and it
works. After I imported my self-signed cert to JVM truststore, CAS client
can trust CAS server.
Thank all of you for providing me all the valueable links and information.
Lisa
-- --Original Message-- --
From: Morris Jones [mailto:mojo@(protected)]
Sent: Wednesday, August 15, 2007 10:48 AM
To: Tomcat Users List; ag5087@(protected)
Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS
Sorry I hadn't seen your message earlier when you posted it. But you
should create the keystore with a keystore password. Did you do that?
Cheers,
Mojo
Lisa Tan wrote:
> After following the docs to generate self-signed pkcs12 key, I failed to
import the key/certificate into my application with No password given for
keystore, integrity will not be verified. What does the reason cause this
error?
>
> I read some docs which ask to create an empty Java keystore and convert
PEM formatted key to PKCS8 format. Why do I need to create an empty
keystore?
>
> Thanks,
>
> Lisa
>
> ---- Original message ----
>> Date: Fri, 10 Aug 2007 18:25:56 -0700
>> From: "Bill Barker" <wbarker@(protected)>
>> Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS
>> To: users@(protected)
>>
>>
>> "Lisa Tan" <ag5087@(protected)> wrote in message
>> news:007901c7db53$66fe7870$d804d98d@(protected)
>>> I don't know if this is a right list to ask this question. I tried to
>>> configure shibboleth which uses Tomcat with CAS authentication. I
received
>>> an error: Unable to validate ProxyTicketValidator
>>>
>>>
>>>
>>> I did google search on this topic and understood the reason causing this
>>> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server.
Since
>>> I
>>> am still in the testing stage, I can't get a CA certificate but the
>>> self-signed certificate.
>>>
>>>
>>>
>>> If my understanding is correct, the self signed certificate via openssl
>>> doesn't have jks format but Tomcat JVM only accept jks format
certificate.
>>>
>> If you had read the friendly manual at
>> http://tomcat.apache.org/tomcat-5 (See http://cat-5.ora-code.com).5-doc/ssl-howto.html, you would know
that
>> this isn't true :). While it talks about the keystore, the truststore
works
>> the same way. So use openssl to create a pkcs12 file, specify this as
the
>> truststore, in whatever way you need to do from the CAS docs, and you
should
>> be good to go.
>>>
>>> I am just wondering if any one can give me some instruction how to
create
>>> a
>>> self-signed certificate and private key which can be used or imported to
>>> both Tomcat JVM and CAS server.
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Lisa
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
>> To start a new topic, e-mail: users@(protected)
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>>
>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
--
Morris Jones
Monrovia, CA
http://www.whiteoaks.com
Old Town Astronomers http://www.otastro.org
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
