Hi! I figured it out this weekend, and your sollution is absolute correct!
Thanks for helping me! Morten -----Opprinnelig melding----- Fra: Joseph Stephen [mailto:[EMAIL PROTECTED]] Sendt: 30. november 2002 19:34 Til: Tomcat Users List; [EMAIL PROTECTED] Emne: Re: SV: SV: Problems running VeriSign trial sertificate in Tomcat. I don't think you should not delete the self signed certificate. i.e. you can skip the step keytool -delete -alias tomcat keytool establishes a certificate chain in the keystore, each one validating the parent (or is it the child). So the chain to establish the chain import the cacert file as the root (alias root). the self signed certificate (alias tomcat) and finally the reply from verisign (alias tomcat). When you import the reply you should see the message imported "reply". Let me know if you still face problems Regards, Joseph --- Morten Tollefsen <[EMAIL PROTECTED]> wrote: > Thanks, but I still got problems. > > Here is all I've done (tried it once again...): > > * Generate key (self-signed sertificate): > > keytool -genkey -alias tomcat -keysize 1024 > -validity 365 -keyalg RSA > > * Generate CSR: > > keytool -certreq -alias tomcat -file tomcat.csr > > * Submittet CSR - VeriSign > > * Submitted user information to VeriSign > > * Installed Test CA Root in browser > > * Imported Test CA Root in keystore cacerts in > JAVA_HOME\jre\lib\security > > keytool -import -trustcacerts -file getcacert.cer > -keystore > c:\jdk1.3.1\jre\lib\security\cacerts > > * Received signed sertificated from VeriSign, copy > to file tomcat.cer > > * Deleted self-signed sertificate: > > keytool -delete -alias tomcat > > * Imported signed sertificate from VeriSign: > > keytool -import -alias tomcat -file tomcat.cer > > * Restarted Tomcat, and keep get the following > error: > > javax.net.ssl.SSLException: Unrecognized SSL > handshake. > > Ideas? > > Morten T. > > -----Opprinnelig melding----- > Fra: Joseph Stephen > [mailto:[EMAIL PROTECTED]] > Sendt: 28. november 2002 22:39 > Til: Tomcat Users List > Emne: Re: SV: Problems running VeriSign trial > sertificate in Tomcat. > > > You need to import the verisign test ca root > certificate in to the java cacerts found under > java_home/lib/security/cacerts.. THe test ca root certificate can be > downloaded from > www.verisign.com/trial/server/faq/index.html or > something like that > > --- "Morten mot. Tollefsen" <[EMAIL PROTECTED]> wrote: > > > Any ideas? > > > > Please help me with this problem! > > > > Morten Tollefsen > > > > -----Opprinnelig melding----- > > Fra: Morten Tollefsen > > [mailto:[EMAIL PROTECTED]] > > Sendt: 25. november 2002 12:03 > > Til: '[EMAIL PROTECTED]' > > Emne: Problems running VeriSign trial sertificate > in > > Tomcat. > > > > > > Problem with running Tomcat using VeriSign trial certificate. > > > > Can anyone please help me with this problem? Have > > searched for hours, > > but can't find any sollutions... > > > > I'm running: > > > > Windows 2000 > > JDK 1.3 > > JSSE 1.0.3 > > Tomcat 3.2.3 > > > > Have done: > > > > - Created self-signed certificate using keytool, > OK. > > - Tomcat SSL setup, running with self-signed > > certificate, OK. > > - Created the CSR and sent it to VeriSign, OK. > > - Imported the trial certificate from VeriSign > using > > 'keytool -import > > -alias tomcat -keystore verisign -file tomcat.cer' > > Have also tried to change keystore name and > > password. > > > > Tomcat error message: > > javax.net.ssl.SSLException: Unrecognized SSL > > handshake. > > > > My connector parameters in server.xml: > > > > <Connector > > > className="org.apache.tomcat.service.PoolTcpConnector"> > > <Parameter name="handler" > > > value="org.apache.tomcat.service.http.HttpConnectionHandler"/> > > <Parameter name="port" value="443"/> > > <Parameter name="socketFactory" > > value="org.apache.tomcat.net.SSLSocketFactory" /> > > <Parameter name="keystore" value="c:/documents > and > > settings/localhost/verisign" /> > > <Parameter name="keypass" value="changeit" /> > > <Parameter name="secure" value="true" /> > > <Parameter name="clientauth" value="true" /> > > </Connector> > > > > Have tried to change secure and clientauth > > parameters without success. > > > > Any ideas??? > > > > Greetings > > Morten Tollefsen > > Integrasjonssystemer AS > > [EMAIL PROTECTED] > > 33036066 / 97178250 > > > > > > > > ________________________________________________________________________ > Missed your favourite TV serial last night? Try the > new, Yahoo! TV. > visit http://in.tv.yahoo.com > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > ________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
