3rd update:


For the 2nd issue below, I had some "http" references in my static html file--that's why I was getting the message about the page having unencrypted elements on it. :-)

I still haven't figured out the 1st issue regarding ports 443/8443, but 443 is the one I want anyhow, so it's not critical that I figure that out (although I'm curious!)

Sonny

From: "Sonny Sukumar" <[EMAIL PROTECTED]>



2nd Update:

--I reconfigured the SSL port from 8443 to 443 on our server (as well as the redirect port), and all of a sudden I can connect using SSL. I don't understand why 8443 didn't work. Any ideas??

--Now when I request static HTML pages, I get a browser alert saying that some of the info on the requested page is NOT encrypted, so it displays a lock broken in half instead of the golden lock I so desire. :-( I can't understand how a page would get partially encrypted--especially a static HTML page.

I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3).

Sonny
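Added example, not part of the original thread: a small Python scanner for the cause identified in the 3rd update, absolute "http://" subresource references in a page served over HTTPS, which is what makes the browser show the broken lock. The sample page and the example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is deliberately absent.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("input", "src"), ("object", "data"),
    ("link", "href"), ("body", "background"), ("td", "background"),
}


class MixedContentFinder(HTMLParser):
    """Collects subresource references that use plain http://."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        if tag == "link":
            rel = (attr_map.get("rel") or "").lower().split()
            if "stylesheet" not in rel and "icon" not in rel:
                return  # e.g. rel="alternate" is not loaded as part of the page
        for name, value in attrs:
            if (tag, name) in SUBRESOURCE_ATTRS and value:
                # Relative and protocol-relative URLs inherit https and are fine.
                if value.strip().lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, name, value.strip()))


def find_mixed_content(html_text):
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page (not from the thread).
SAMPLE_PAGE = """<html>
<head>
<link rel="stylesheet" href="http://www.example.com/style.css">
<script src="/js/menu.js"></script>
</head>
<body background="http://www.example.com/bg.gif">
<a href="http://www.example.com/other.html">link</a>
<img src="images/logo.gif">
<img SRC="HTTP://www.example.com/banner.gif">
</body>
</html>
"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```
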

From: "Sonny Sukumar" <[EMAIL PROTECTED]>


Update: I did a "keytool -list" with the "-rfc" options and discovered that all the certs *are* in fact there, but just that public/private key were bundled together under the same alias. The way it lists the certs by default is what confused me.


HOWEVER, I uploaded the keystore to our server, set up server.xml, and restarted Tomcat, but every single secure connection I attempt just times out. I don't understand why this happens.

Here's my server.xml SSL connector:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true"
           compression="on">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" keystorePass="changeit"
           keystoreFile="conf/.keystore"/>
</Connector>


Btw, does anybody know how to secure the server.xml file? It contains some clear text passwords, so this really concerns me! (Yes, I know "changeit" is the default password even without specifying it here).

Also, I don't currently have any <security-constraint>s set in my web.xml.

Thanks for any insights!

Sonny
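Added example, not part of the original thread: one way to audit a server.xml that holds a clear-text keystorePass, checking that only the file's owner can access it and that the password is not the default "changeit". The function names and the sample file are constructed for illustration; the check assumes a POSIX file system such as the Linux host described in the thread.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

DEFAULT_KEYSTORE_PASS = "changeit"  # default password mentioned in the thread


def audit_server_xml(path):
    """Return a list of findings for the Tomcat server.xml at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other permission bit exposes the clear-text password.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/other access the file")
    for elem in ET.parse(path).iter():
        for name, value in elem.attrib.items():
            if "pass" not in name.lower():
                continue
            findings.append(f"<{elem.tag}> stores {name} in clear text")
            if value == DEFAULT_KEYSTORE_PASS:
                findings.append(f"<{elem.tag}> {name} is the default password")
    return findings


# Constructed sample, modelled on the connector quoted in the thread.
SAMPLE = """<Server><Service name="Tomcat-Standalone">
 <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
            port="443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" keystorePass="changeit"
           keystoreFile="conf/.keystore"/>
 </Connector>
</Service></Server>"""


def demo():
    """Audit the sample with mode 644, then again after tightening to 600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_server_xml(path)
        os.chmod(path, 0o600)
        after = audit_server_xml(path)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("mode 644", "mode 600"), demo()):
        print(label, result)
```
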

From: "Sonny Sukumar" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [HELP!] Which key alias names to use for SSL?
Date: Sat, 11 Oct 2003 14:12:17 -0700


Hi Adam,


Your first step was:
# keytool -genkey -alias tomcat -keyalg RSA

and your last step was:
# keytool -import -trustcacerts -file public.crt -alias tomcat

So you used the same alias ("tomcat") for both the private key and the signed public key. This is what doesn't work for me, because when I import the signed public key using the same ("tomcat") alias, my private key gets overwritten. I've verified this using "keytool -list -keystore ./.keystore"


I also have the root cert from GeoTrust in there with alias "root". The root cert is actually an Equifax cert valid from 1998 to 2018, but the GeoTrust tech support rep told me to use that one. Could this be the problem?

Other ideas?

Thanks,

Sonny

From: Adam Hardy <[EMAIL PROTECTED]>

On 10/11/2003 09:08 PM Sonny Sukumar wrote:

[I sent this once before, but got no response, and I'm not sure what to do. Thanks in advance.]


Hi guys,

I'm trying to set up my Tomcat (4.1.27) server to work with SSL. I got a CA-signed cert to go with my private key and CA root cert, but I'm confused as to how to name the alias for the CA-signed-cert and my private key.

The Tomcat SSL How-To is confusing me, because it says to give the "tomcat" alias to both the private key and the CA-signed key. I tried it and it overwrote my private key (luckily I made a backup of my keystore).

I'm looking at this documentation:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

It also doesn't seem possible to configure the alias names in server.xml. So what alias names should I use? :-)




--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

