RE: SSL configuration question

2005-04-07 Thread Mustafa BLKBA
Hi Mark,
Have you achieved to configure ssl on tomcat? If yes, can you please tell me the 
documentation that you read? I tried to configure it with the information on 
this link http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html, but I 
couldn't do it.

-Original Message-
From: Faine, Mark [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 05, 2005 7:34 PM
To: 'Tomcat Users List'
Subject: RE: SSL configuration question

Nevermind, It is fixed.  Unfortunately though I can't pass on my findings as
I'm not sure exactly what fixed it.

-Mark
 


RE: SSL configuration question

2005-04-05 Thread Faine, Mark
I tried this same procedure that you suggested below for importing Apache
SSL key to tomcat
(http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694) on another
server and it didn't work.  I'm getting the error listed below when tomcat
starts up.  I've done it exactly like before.  Any help resolving this issue
would be greatly appreciated.

-Mark


SEVERE: Error starting endpoint
java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:220)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
    at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
    at org.apache.catalina.core.StandardService.start(StandardService.java:489)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
    at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
    at com.sun.crypto.provider.SunJCE_ab.b(DashoA6275)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA6275)
    at javax.crypto.Cipher.doFinal(DashoA12275)
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
    ... 19 more
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: 
LifecycleException:  Protocol handler start failed: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529)
    at org.apache.catalina.core.StandardService.start(StandardService.java:489)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 14756 ms

-Original Message-
From: Faine, Mark 
Sent: Friday, April 01, 2005 9:25 AM
To: 'Tomcat Users List'
Subject: RE: SSL configuration question

Thanks, the link you provided allowed me to get it imported correctly.  This
should go on a FAQ.

Thanks again,
-Mark
 


RE: SSL configuration question

2005-04-05 Thread Faine, Mark
Nevermind, It is fixed.  Unfortunately though I can't pass on my findings as
I'm not sure exactly what fixed it.

-Mark
 


Re: SSL configuration question

2005-04-01 Thread Mikhail Kruk
 I thought the two are not related my key is stored in the java keystore. I
 did everything with keytool, part of java.
 
 Tomcat only needs the password and name.
 
 The SSL certificate is not generated for or by tomcat.

Getting a valid certificate is a four-step process.
1) Generate private key (keytool -genkey)
   this puts a private key into your keystore. It's secret, hide it.
2) Generate certificate request (keytool -certreq)
   creates a file which contains information about you (common name, 
   city, state etc) and the public key which corresponds to private 
   key from step 1
3) submit the request from step 2 to the authority (Thawte, Verisign...)
4) get signed certificate from the authority and import it into the 
   keystore (keytool -import)

For step 4 to work correctly the keystore must contain the private key 
from step 1.  You can't generate private key in Apache and then import 
corresponding certificate into Tomcat -- you must first move the private 
key from Apache to Tomcat.

 

RE: SSL configuration question

2005-04-01 Thread Faine, Mark
Could you elaborate a bit more on how to move the private key from Apache to
Tomcat?  You would think if I have a cert from a CA then I should be able to
import it into any server that uses SSL.  I already have the cert; all the
other parts are only things that allowed me to obtain the cert.

Thanks,
-Mark 


RE: SSL configuration question

2005-04-01 Thread Faine, Mark
Thanks, the link you provided allowed me to get it imported correctly.  This
should go on a FAQ.

Thanks again,
-Mark
 

-Original Message-
From: Mikhail Kruk [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 31, 2005 3:42 PM
To: Tomcat Users List
Subject: RE: SSL configuration question

 The certificate I imported was not self-signed (or should not be).  It 
 is what I received back from Entrust after submitting a CSR. It was 
 already in use on Apache before I decided not to use Apache anymore.  
 It worked before on Apache. I shut down apache and was intending to 
 use the cert on only Tomcat.

You can't easily import the certificate that was generated for Apache into
Tomcat -- you need to have the private key part in your keystore and your
private key is in your Apache.  There must be a way to get the key from
Apache and move it to Tomcat, but I'm not sure what it is.
This might help:
http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

 
 
 Thanks,
 -Mark
  
 
 -Original Message-
 From: Sasisekar S Sundaram [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, March 31, 2005 2:43 PM
 To: Tomcat Users List
 Subject: Re: SSL configuration question
 
 It shows both issued to and issued by because it is a self signed
 certificate. When you get your certificate authorized by someone like
 verisign, and then import that certificate into your keystore, you'll get
 issued by as that certifying authority's name.
 - Original Message -
 From: Faine, Mark [EMAIL PROTECTED]
 To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
 Sent: Thursday, March 31, 2005 1:13 PM
 Subject: RE: SSL configuration question
 
 
  Thanks, I tried that before and got a permission error, but it works now.
 
  -Mark
 
 
  -Original Message-
  From: Hein Behrens [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 31, 2005 12:41 PM
  To: Tomcat Users List
  Subject: Re: SSL configuration question
 
  Answer to number 2 is edit your server.xml change 8443 to 443 in the ssl
  section also check that the normal port redirects to 443.
 
  Where you see 8443 change to 443.
 
  2 changes in your server.xml.
 
 
  - Original Message -
  From: Faine, Mark [EMAIL PROTECTED]
  To: tomcat-user@jakarta.apache.org
  Sent: Thursday, March 31, 2005 7:44 PM
  Subject: SSL configuration question
 
 
   Solaris 8, Tomcat 5.0.28
  
   I've configured my tomcat installation with my SSL key from Entrust and it
   is working (sort of).
  
   1.  It is not correctly configured.  It shows my organization as both
   issued to and issued by when I view the certificate information.  Could
   someone explain what I have done wrong and how to correct it.
  
   2.  It must be run on port 8443 because I need to run it as a user other
   than root.  How can I bypass this limitation and run it on the standard 443
   port?
  
   Thanks,
   -Mark
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
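
The thread's two failure points, checked before Tomcat is restarted: does the certificate belong to the private key being moved from Apache, and does the resulting PKCS#12 file open with the password the connector will be given (a password mismatch is one common cause of a keystore decrypt failure at load; the thread does not say what the cause was here). This is an added example, not code from the thread or from the linked Thawte procedure; it assumes the `openssl` command-line tool, and the file names, the "tomcat" alias and the passwords are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. File names, the "tomcat" alias and the
# passwords are constructed for the demo.

# Returns 0 if CERT.pem carries the public key of KEY.pem, 1 if it does not,
# 2 if either file is unreadable (for example a passphrase-protected key,
# since no prompt is answered here).
key_matches_cert() {    # usage: key_matches_cert KEY.pem CERT.pem
    kmc_key=$(openssl pkey -in "$1" -pubout </dev/null 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey </dev/null 2>/dev/null) || return 2
    [ "$kmc_key" = "$kmc_crt" ]
}

# Bundles key + certificate into one PKCS#12 file. Tomcat's connector reads it
# via the keystoreFile / keystorePass / keystoreType="PKCS12" attributes.
# Refuses to build the bundle when the certificate was issued for another key.
make_p12() {            # usage: make_p12 KEY.pem CERT.pem OUT.p12 PASSWORD
    key_matches_cert "$1" "$2" || return 1
    (
        umask 077       # the bundle holds the private key: owner-only file
        # Password travels in the environment, not on the command line.
        P12_PASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
            -out "$3" -passout env:P12_PASS </dev/null >/dev/null 2>&1
    )
}

# Returns 0 only if the file's integrity check passes and its contents decrypt
# with PASSWORD, i.e. the value that would go into keystorePass.
p12_opens_with() {      # usage: p12_opens_with FILE.p12 PASSWORD
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -noout \
        </dev/null >/dev/null 2>&1
}

# Constructed stand-ins: apache.key/apache.crt play the key and certificate
# used under Apache; other.key is an unrelated key, as found in a keystore
# whose key pair was generated separately with keytool -genkey.
make_demo_material() {  # usage: make_demo_material DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.invalid" \
        -keyout "$1/apache.key" -out "$1/apache.crt" >/dev/null 2>&1 || return 1
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1 || return 1
}

demo() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 127; }
    d=$(mktemp -d) || return 1
    make_demo_material "$d" || { rm -rf "$d"; return 1; }

    key_matches_cert "$d/apache.key" "$d/apache.crt" \
        && echo "apache.key + apache.crt: certificate belongs to this key"
    key_matches_cert "$d/other.key" "$d/apache.crt" \
        || echo "other.key + apache.crt: MISMATCH, certificate is useless with this key"

    make_p12 "$d/apache.key" "$d/apache.crt" "$d/tomcat.p12" "demo-pass" \
        && echo "tomcat.p12 written"
    p12_opens_with "$d/tomcat.p12" "demo-pass" \
        && echo "keystorePass=demo-pass: keystore opens"
    p12_opens_with "$d/tomcat.p12" "typo-pass" \
        || echo "keystorePass=typo-pass: keystore does not decrypt"

    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Saved to a file, `sh FILE demo` runs the whole sequence on throwaway material in a temporary directory; the three check functions can be pointed at real files instead.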



RE: SSL configuration question

2005-04-01 Thread Mikhail Kruk
 Could you elaborate a bit more on how to move the private key from Apache to
 Tomcat?  

As I said: I never did it myself, but the following link seems relevant:
http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

 You would think if I have a cert from a CA then I should be able to
 import it into any server that uses SSL.  I already have the cert; all the
 other parts are only things that allowed me to obtain the cert.

The cert from CA only contains the public key signed by the CA's private 
key.  Showing public key to someone who connects to your web server is 
cool and everything, but it's not enough to establish a secure 
communication: you need to give your web server the secret key for that.
http://www.ourshop.com/resources/ssl.html

 Thanks,
 -Mark 
 

RE: SSL configuration question

2005-04-01 Thread Mikhail Kruk
Fortunately it's not that Frequent that people end up where you did :)
You should first finalize your config and decide whether you will run 
Tomcat standalone or with Apache/IIS, test it with a self-signed cert and 
only actually go ahead and buy the real cert before going live.

 Thanks, the link you provided allowed me to get it imported correctly.  This
 should go on a FAQ.
 
 Thanks again,
 -Mark
  
 



RE: SSL configuration question

2005-04-01 Thread Faine, Mark
We've been running with Tomcat 4 and Apache 2 for a very long time.
Recently another department was put in charge of all of our static pages.
This means we will have nothing on our servers but dynamic pages (java web
apps) and this is good.  The other department specializes in static HTML
pages.  We are now playing more to our strengths.  I've removed
Apache/mod_jk from the mix and we are now running exclusively on Tomcat 5,
on our development server.  Previously we couldn't get our apps to run on
Tomcat 5 but I've figured it out recently and was hoping that perhaps we
might see a little bit of a performance increase.

If the testing works out and our apps benchmark well under Tomcat we will
move our production servers to Tomcat 5 exclusively.  This is why I needed
to be sure I could move the SSL certs between the two servers.

Thanks,
-Mark


-Original Message-
From: Mikhail Kruk [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 01, 2005 9:31 AM
To: Tomcat Users List
Subject: RE: SSL configuration question

Fortunately it's not that frequent that people end up where you did :) You
should first finalize your config and decide whether you will run Tomcat
standalone or with Apache/IIS, test it with a self-signed cert and only
actually go ahead and buy the real cert before going live.


Re: SSL configuration question

2005-03-31 Thread Hein Behrens
Answer to number 2 is edit your server.xml change 8443 to 443 in the ssl
section also check that the normal port redirects to 443.

Where you see 8443 change to 443.

2 changes in your server.xml.


- Original Message - 
From: Faine, Mark [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, March 31, 2005 7:44 PM
Subject: SSL configuration question


 Solaris 8, Tomcat 5.0.28

 I've configured my tomcat installation with my SSL key from Entrust and it
 is working (sort of).

 1.  It is not correctly configured.  It shows my organization as both
 issued to and issue by when I view the certificate information.  Could
 someone explain what I have done wrong and how to correct it.

 2.  It must be run on port 8443 because I need to run it as a user other
 than root.  How can I bypass this limitation and run it on the standard
 443 port?

 Thanks,
 -Mark

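Hein's two server.xml edits can be checked mechanically. The script below is an added example, not part of the thread: the server.xml it writes is constructed (HTTP on 8080, SSL moved to 443, an AJP connector whose redirectPort was left at 8443), and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list active <Connector> elements in a
# Tomcat server.xml and flag redirectPort values that no SSL connector serves.

# Print "port secure redirectPort" for every Connector outside XML comments.
connectors() {
    awk '
    function attr(tag, name,   re, v) {
        re = "[ \t\n]" name "=\"[^\"]*\""
        if (!match(tag, re)) return "-"
        v = substr(tag, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
        return (v == "" ? "-" : v)
    }
    { doc = doc $0 "\n" }
    END {
        # Drop comments first so commented-out connectors are not counted.
        while ((s = index(doc, "<!--")) > 0) {
            rest = substr(doc, s + 4); e = index(rest, "-->")
            doc = substr(doc, 1, s - 1) (e ? substr(rest, e + 3) : "")
        }
        n = split(doc, tags, ">")   # one element per tag; attributes may span lines
        for (i = 1; i <= n; i++)
            if (tags[i] ~ /<Connector[ \t\n]/)
                print attr(tags[i], "port"), attr(tags[i], "secure"), attr(tags[i], "redirectPort")
    }' "$1"
}

# Exit status 0 only if every redirectPort points at a secure="true" connector.
check_redirects() {
    connectors "$1" | awk '
        $2 == "true" { ssl[$1] = 1 }
        $2 != "true" && $3 != "-" { redir[$3] = redir[$3] " " $1 }
        END {
            bad = 0
            for (p in redir) if (!(p in ssl)) {
                printf "redirectPort %s (connector%s) has no SSL connector\n", p, redir[p]
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample: SSL connector moved to 443, AJP redirect forgotten.
write_sample() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150"
               redirectPort="443" />
    <!-- <Connector port="8443" scheme="https" secure="true" /> -->
    <Connector port="443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
}

demo() {
    sample=$(mktemp) || return 1
    write_sample "$sample"
    connectors "$sample"
    check_redirects "$sample" || echo "server.xml still needs a redirectPort fix"
    rm -f "$sample"
}
demo
```
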



RE: SSL configuration question

2005-03-31 Thread Faine, Mark
Thanks, I tried that before and got a permission error, but it works now.  

-Mark
 

-Original Message-
From: Hein Behrens [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 31, 2005 12:41 PM
To: Tomcat Users List
Subject: Re: SSL configuration question

Answer to number 2 is edit your server.xml change 8443 to 443 in the ssl
section also check that the normal port redirects to 443.

Where you see 8443 change to 443.

2 changes in your server.xml.





Re: SSL configuration question

2005-03-31 Thread Sasisekar S Sundaram
It shows both issued to and issue by because it is a self signed
certificate. When you get your certificate authorized by someone like
VeriSign, and then import that certificate into your keystore, you'll get
issued by as that certifying authority's name.
- Original Message - 
From: Faine, Mark [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Thursday, March 31, 2005 1:13 PM
Subject: RE: SSL configuration question


 Thanks, I tried that before and got a permission error, but it works now.

 -Mark





Re: SSL configuration question

2005-03-31 Thread Nestor Florez
I have never done this and I was wondering, now that we are talking about this.
When you create the .csr and the .key files what do you send to the CA
to get a certificate?  And the certificate, where do you put it on your
server?

Thanks,

Nestor :-)

Néstor Alberto Flórez Torres


 [EMAIL PROTECTED] 3/31/2005 12:43:10 PM 
It shows both issued to and issue by because it is a self signed
certificate. When you get your certificate authorized by someone like
VeriSign, and then import that certificate into your keystore, you'll get
issued by as that certifying authority's name.



RE: SSL configuration question

2005-03-31 Thread Faine, Mark
The certificate I imported was not self-signed (or should not be).  It is
what I received back from Entrust after submitting a CSR. It was already in
use on Apache before I decided not to use Apache anymore.  It worked before
on Apache. I shut down apache and was intending to use the cert on only
Tomcat.


Thanks,
-Mark
 

-Original Message-
From: Sasisekar S Sundaram [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 31, 2005 2:43 PM
To: Tomcat Users List
Subject: Re: SSL configuration question

It shows both issued to and issue by because it is a self signed
certificate. When you get your certificate authorized by someone like
VeriSign, and then import that certificate into your keystore, you'll get
issued by as that certifying authority's name.



RE: SSL configuration question

2005-03-31 Thread Mikhail Kruk
 The certificate I imported was not self-signed (or should not be).  It is
 what I received back from Entrust after submitting a CSR. It was already in
 use on Apache before I decided not to use Apache anymore.  It worked before
 on Apache. I shut down apache and was intending to use the cert on only
 Tomcat.

You can't easily import the certificate that was generated for Apache into 
Tomcat -- you need to have the private key part in your keystore and your 
private key is in your Apache.  There must be a way to get the key from 
Apache and move it to Tomcat, but I'm not sure what it is.
This might help:
http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

 
 
 Thanks,
 -Mark
  
 
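The point in Mikhail's reply above (the keystore must hold the private key, not just the certificate) can be checked before Tomcat is restarted. The script below is an added example, not part of the thread or of the linked Thawte article: it assumes an unencrypted PEM key and certificate as Apache uses them and bundles them into PKCS#12 with openssl; the file names, the "tomcat" alias, the password and the generated test pair are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, alias and password are placeholders.

# True when the certificate's public key is the one derived from the private key.
# Assumes an unencrypted PEM private key.
pair_matches() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# True when subject and issuer are identical, i.e. "issued to" equals
# "issued by" in a certificate viewer.
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Bundle key + certificate into a PKCS#12 keystore. The password is read from
# the P12_PASS environment variable so it does not show up in the process list.
make_p12() {
    pair_matches "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
        -out "$3" -passout env:P12_PASS
}

# True when the keystore opens with P12_PASS and contains a private key.
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Constructed test material: a throwaway key and self-signed certificate.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Org/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    P12_PASS=changeit; export P12_PASS
    make_constructed_pair "$d" &&
        make_p12 "$d/server.key" "$d/server.crt" "$d/keystore.p12" &&
        p12_has_private_key "$d/keystore.p12" && echo "keystore holds the private key"
    is_self_issued "$d/server.crt" && echo "certificate is self-issued, not CA-issued"
    rm -rf "$d"
}
demo
```

A certificate for which is_self_issued succeeds is the self-signed case Sasisekar describes; a CA-issued certificate fails that check and must still pass pair_matches against the key taken from Apache.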



Re: SSL configuration question

2005-03-31 Thread Hein Behrens
I thought the two are not related. My key is stored in the java keystore. I
did everything with keytool, part of java.

Tomcat only needs the password and name.

The SSL certificate is not generated for or by tomcat.

Hein




- Original Message - 
From: Mikhail Kruk [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Thursday, March 31, 2005 11:42 PM
Subject: RE: SSL configuration question


  The certificate I imported was not self-signed (or should not be).  It is
  what I received back from Entrust after submitting a CSR. It was already in
  use on Apache before I decided not to use Apache anymore.  It worked before
  on Apache. I shut down apache and was intending to use the cert on only
  Tomcat.

 You can't easily import the certificate that was generated for Apache into
 Tomcat -- you need to have the private key part in your keystore and your
 private key is in your Apache.  There must be a way to get the key from
 Apache and move it to Tomcat, but I'm not sure what it is.
 This might help:
 http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

 
 