SSL, keystore with ca hierarchy
2004-01-24 - By Oliver Wulff
I've created the following keystore for Tomcat 4.1.18:

    SET KEYSTORE_FILE=.\.keystore
    keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias root -trustcacerts -file CA_Root_APU.pem
    keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias server_ca -trustcacerts -file CA_Server_APU.pem
    keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias tomcat -trustcacerts -file TestServer_APU.pem

The root CA is self-signed. The tomcat certificate is signed by server_ca, which is issued by the root CA. The password for the keystore and the tomcat certificate are identical. Further, I've configured the server.xml accordingly:

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="9443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="100" debug="0"
               scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="certs/.keystore" keystorePass="123456" />
    </Connector>

Tomcat starts with no problems:

    24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
    INFO: Starting Coyote HTTP/1.1 on port 9080
    24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
    INFO: Starting Coyote HTTP/1.1 on port 9443

But I get the error "The Page Cannot Be Displayed" when I try to access the index.html.

When I create the certificates in the following way it does work:

    keytool -genkey -storepass 123456 -alias tomcat -keyalg RSA -keystore .\dummy.keystore
    keytool -rfc -storepass 123456 -export -alias tomcat -keystore .\dummy.keystore -file dummy.tomcat.pem
Does Tomcat not support certificates with a ca hierarchy?
-oliver
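
An added diagnostic example, not part of the original post: `keytool -import` under a new alias stores a certificate-only (trusted) entry, while `keytool -genkey` stores a key entry with a private key, and the script below reads `keytool -list` output to report which kind the connector's alias is. The two listings are constructed samples (aliases from the post, dates and fingerprints invented) and the function names are hypothetical.

```python
import re

# Constructed sample: shape of `keytool -list` for the import-only keystore.
IMPORT_ONLY = """\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

root, Jan 24, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
server_ca, Jan 24, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 10:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
tomcat, Jan 24, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 20:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""

# Constructed sample: shape of `keytool -list` after `keytool -genkey`.
GENKEY = """\
Your keystore contains 1 entry

tomcat, Jan 24, 2004, keyEntry,
Certificate fingerprint (MD5): 30:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""

# Older JDKs print "keyEntry", newer ones "PrivateKeyEntry".
KEY_TYPES = {"keyentry", "privatekeyentry"}
ENTRY_RE = re.compile(r"^(?P<alias>.+?), .*?(?P<type>\w+Entry),\s*$")

def parse_entries(listing):
    """Map alias -> entry type from `keytool -list` text."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("alias").lower()] = m.group("type")
    return entries

def check_server_alias(listing, alias="tomcat"):
    """Return (ok, reason): ok only if the alias holds a private key."""
    etype = parse_entries(listing).get(alias.lower())
    if etype is None:
        return False, "alias %r not found" % alias
    if etype.lower() not in KEY_TYPES:
        return False, "%r is a %s: certificate only, no private key" % (alias, etype)
    return True, "%r is a %s" % (alias, etype)

if __name__ == "__main__":
    for name, text in (("import-only", IMPORT_ONLY), ("genkey", GENKEY)):
        print(name, check_server_alias(text))
```
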