Hi,
Just to be a bit less stupid about certificates: a certificate always
includes the public and the private key, doesn't it?
Is it for this reason that you don't see the need to include the private
key once again in the PKCS12?
Víctor Torres - UPF wrote:
Thanks, but this does not solve my problem.
What I can see in your directions is that you are using a JKS keystore
and you are importing the certificate and the private key.
What I was saying is that it should NOT be necessary to import the
private keys into a truststoreFile. In fact, when I use as
truststoreFile a PKCS12 with the certificate and private key, it works.
It fails when the PKCS12 only contains the certificate. This seems
strange to me.
Any other suggestions?
----- Original Message ----- From: "Martin Gainty" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>; "Víctor Torres -
UPF" <[EMAIL PROTECTED]>
Sent: Tuesday, October 24, 2006 5:41 PM
Subject: Re: problem with truststoreFile in server.xml
Hello Victor-
You may want to follow the directions on how to create an empty
keystore and then import the private key/certificate chain
into the Java keystore using extkeytool:
http://www.switch.ch/aai/certificates/certificateupdate.html
Then take a look at the keys afterwards with
keytool -v -list -keystore www.example.edu.jks
Anyone else?
M--
----- Original Message ----- From: "Víctor Torres - UPF"
<[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Tuesday, October 24, 2006 9:14 AM
Subject: problem with truststoreFile in server.xml
Dear all,
I have configured my Tomcat 5.5.17 to require SSL client authentication. For
this purpose, I have stored my root CA certificate into a PKCS12 keystore
which I use as truststoreFile by configuring server.xml. This CA certificate
is used to sign user certificates that I want to be trusted.
The problem I have is the following:
- truststoreFile (PKCS12) contains root CA certificate + private key ->
everything works perfectly.
- truststoreFile (PKCS12) contains root CA certificate -> clients cannot
connect.
truststoreFile should not contain private keys, so why does Tomcat behave in
this way?
Thanks in advance.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
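
Added example, not part of the original thread and not Tomcat code: a small Java check that loads the file configured as truststoreFile and reports, per alias, whether the JVM exposes a trusted-certificate entry or a key entry, which is the difference between the two PKCS12 files described in the thread. The class name TruststoreCheck and its command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name). Usage:
//   java TruststoreCheck <file> <PKCS12|JKS> <password>
// Pass the same file, type and password that server.xml gives for the truststore.
public class TruststoreCheck {

    // Subject DN of the certificate stored under an alias, if there is one.
    static String subject(KeyStore ks, String alias) throws Exception {
        Certificate c = ks.getCertificate(alias);
        return (c instanceof X509Certificate)
                ? ((X509Certificate) c).getSubjectX500Principal().getName()
                : "(no X.509 certificate)";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TruststoreCheck <file> <type> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());
        }
        int trusted = 0, keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                trusted++;
                System.out.println("trustedCertEntry  " + alias + "  " + subject(ks, alias));
            } else if (ks.isKeyEntry(alias)) {
                keys++;
                System.out.println("keyEntry          " + alias + "  " + subject(ks, alias));
            }
        }
        if (trusted + keys == 0) {
            System.out.println("No entries visible to the JVM: this store offers no CA certificates.");
        }
        if (keys > 0) {
            System.out.println("Warning: " + keys + " key entr" + (keys == 1 ? "y" : "ies")
                    + " present; a truststore only needs the CA certificates.");
        }
    }
}
```

Run it with the same JVM that runs Tomcat, since the entries a keystore provider exposes can differ between Java versions.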