Re: Certificate problem with Netscape 4.7 and IE >5.0

2001-12-06 Thread Madhav Tadikonda 

Tom,

Is the certificate you received a test certificate or the full commercial 
release?  If it was a test certificate, I think you need to download the 
test root ID and install it in your browser for the test certificate to 
work.  I know on Thawte and Verisign you can get this ID off of their 
website.


>From: Tom Graf <[EMAIL PROTECTED]>
>Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Certificate problem with Netscape 4.7 and IE >5.0
>Date: Thu, 06 Dec 2001 10:11:14 +0100
>MIME-Version: 1.0
>Received: from [192.18.49.131] by hotmail.com (3.2) with ESMTP id 
>MHotMailBDD8814200BC4004370BC0123183F92F0; Thu, 06 Dec 2001 01:11:31 -0800
>Received: (qmail 18998 invoked by uid 97); 6 Dec 2001 09:11:26 -
>Received: (qmail 18987 invoked from network); 6 Dec 2001 09:11:26 -
>From tomcat-user-return-4055-madhavt Thu, 06 Dec 2001 01:11:41 -0800
>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>Precedence: bulk
>List-Unsubscribe: 
>List-Subscribe: 
>List-Help: 
>List-Post: 
>List-Id: "Tomcat Users List" 
>Delivered-To: mailing list [EMAIL PROTECTED]
>Message-Id: <[EMAIL PROTECTED]>
>X-Sender: [EMAIL PROTECTED]
>X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
>X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
>
>Dear all,
>
>I've got lots of problems with Tomcat 4.0.1. and my digital server 
>certificate.
>
>The following describes shortly the steps I've done so far:
>
>First of all, I generated a self-signed certificate as described in the
>Tomcat documentation. Then, I created a Certificate Signing Request that I
>sent to the GlobalSign certificate authority. In return, I received my
>digital server certificate (in .pem format) and replaced the self-signed
>certificate with the new one (with keytool under Solaris 2.6).
>
>So far so good.
>
>When I start Internet Explorer, it shows the yellow padlock but the
>encrypted page doesn't appear and a double click on the padlock says "This
>type of document does not have a security certificate".
>The Netscape 4.7 message is even worse, it says "Netscape and this server
>cannot communicate securely because they have no common encryption 
>algorithms".
>
>Can anybody on this list tell me what the problem is? What am I doing 
>wrong?
>
>Your help is very much appreciated.
>
>Many thanks in advance. Kind regards,
>
>
>/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /
>Chemins de fer luxembourgeois
>9, place de la gare
>L-1616 Luxembourg
>
>Tom GRAF
>Webmaster
>E-mail: [EMAIL PROTECTED]
>Internet: http://www.cfl.lu
>/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /
>
>
>--
>To unsubscribe:   
>For additional commands: 
>Troubles with the list: 
>


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


--
To unsubscribe:   
For additional commands: 
Troubles with the list:

SSL Standalone Tomcat 4.0 Windows NT - Thawte

2001-12-04 Thread Madhav Tadikonda 

I was wondering if anyone has successfully installed a commercial cert into 
Tomcat 4.0 on Windows using the "keytool" function?

I am following the attached instructions and got to the final step (keytool 
-import -alias tomcat -trustcacerts..) of importing my test Thawte 
certificate and I get the following error:

keytool error: java.security.cert.CertificateException: Unsupported encoding

I was wondering if anyone has experienced this problem?  I am having issues 
with OpenSSL and was hoping to just use the keytool function.

Thank you,
Madhav


Some day's ago [EMAIL PROTECTED] sent the attached mail:

>-Ursprüngliche Nachricht-
>Von: Jon Shoberg [mailto:[EMAIL PROTECTED]]
>Gesendet: Donnerstag, 27. September 2001 00:41
>An: [EMAIL PROTECTED]
>Betreff: Thawte, SSL, and Tomcat

>   Does anyone have, literally, "blind instructions" for setting up a
>commercial SSL cert?  The current docs are pretty good but I am looking for
>something related to tomcat 3.x.x which covers creation and install of a
>commercial cert.


--- Begin Message ---
Hi,

after long time of trying to setup a (demo)certificate from thawte.com
or
trustcenter.de I finally made it. And because of the numerous questions
on
this list concerning this topic, I thought it would be a good idea to
share
my gained "wisdom" :-)
So what follows is a step-by-step instruction on how to install a
commercial
(*not* self signed or openssl) certificate:
1. generate a local certificate:
   keytool -genkey -alias tomcat -keyalg RSA -keystore 
   where  is the name of the desired keystore-file
2. generate the CSR (you need it to request your (demo)certificate)
   keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem
-keystore

   now you have a file called "certreq.pem". Send this to your
trustcenter.
3. most trustcenters do not deliver a so called "chained certificate",
   so you have to install their root-certificate (their website says
where
to find it)
   keytool -import -alias root -keystore  -trustcacerts -file

4. after your final (demo)certificate has been sent to you, install it
like
this
   keytool -import -alias tomcat -keystore  -trustcacerts -file


For the tomcat-specific part of the installation go to the *real good*
tomcat-doc-page:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

I hope it helped somebody... If there are any
questions/suggestions/etc...
simply hit "REPLY" (-:

greets,
pero



_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


--
To unsubscribe:   
For additional commands: 
Troubles with the list: