"Jason Bainbridge" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill <[EMAIL PROTECTED]>
> wrote:
>> Hello TC5 Users -
>> I used %java-home%/bin/keytool to build the certificate store and the
>> server and client certificates (self-signed). Tomcat asks for the
>> client certificate when I try and connect, but - here is the problem:
>>
>> (1) I can't seem to get the client key to export properly so that I can
>> install it in the browser; how do I get a .pfx out of the keystore?
>
> I think you are going to have to use openssl to convert the file after
> exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html
> has a little info on that but the reverse. I'm sure there are better
> resources but that was the first Google I saw.
>
>> (2) How can I validate which certificate store is being used by tomcat?
>> (I made a few along the way in testing)
>
> There is a parameter (keyStoreFile?) that you can specify the location
> in the Connector properties it's detailed in one of those links you
> have.

The one you want is: truststoreFile.

>
>> (3) I set debug="3" in the SSL connector but am not seeing the SSL
>> handshake in stdout. Is there some other way for setting debug to see
>> the handshake?
>
> Not sure on that one.

Configure the logging category 'org.apache.tomcat.util.net.jsse' to be DEBUG
(in your log4j/JDK 1.4 logging configuration). That will give you lots of
Tomcat messages. If you want lower level messages, consult the JSSE docs.

>
> Regards,
> --
> Jason Bainbridge
> http://kde.org - [EMAIL PROTECTED]
> Personal Site - http://jasonbainbridge.com
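
For question (2) in the thread above, one way to check which stores each SSL connector names is to read them out of server.xml. This is an added example, not code from the thread or from Tomcat. The sample server.xml, its ports and paths are constructed, `audit_connectors` is a hypothetical helper, and the fallback behaviour in the warnings is as described in Tomcat's connector documentation.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment; ports and paths are placeholders, not from the thread.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="true"
             keyStoreFile="conf/server.jks" />
  <Connector port="9443" scheme="https" secure="true" clientAuth="want"
             keystoreFile="conf/server.jks" truststoreFile="conf/clients.jks" />
</Service></Server>"""

DOCUMENTED = ("keystoreFile", "truststoreFile")  # attribute names as Tomcat documents them


def audit_connectors(server_xml):
    """Report, per HTTPS connector, which key/trust store it names and any concerns."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme", "http").lower() != "https":
            continue  # plain HTTP connector, no stores involved
        by_lower = {k.lower(): k for k in conn.attrib}
        entry = {"port": conn.get("port"), "clientAuth": conn.get("clientAuth", "false"),
                 "warnings": []}
        for name in DOCUMENTED:
            actual = by_lower.get(name.lower())
            entry[name] = conn.get(actual) if actual else None
            if actual and actual != name:
                entry["warnings"].append(
                    f"'{actual}' is not spelled '{name}'; confirm Tomcat honors it")
        if entry["keystoreFile"] is None:
            entry["warnings"].append("no keystoreFile: default is .keystore in the "
                                     "home directory of the user running Tomcat")
        if entry["clientAuth"].lower() in ("true", "want") and entry["truststoreFile"] is None:
            entry["warnings"].append("client certificates requested but no truststoreFile: "
                                     "falls back to the javax.net.ssl.trustStore property")
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in audit_connectors(SAMPLE_SERVER_XML):
        print(e["port"], e["keystoreFile"], e["truststoreFile"], e["clientAuth"])
        for w in e["warnings"]:
            print("   warning:", w)
```
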