why doesn't tomcat see my correct keystore?

[Rob Lagana]

Hello,

Using tomcat 4.1 on a Windows 2000 sp3 system
Used keytool to generate the alias tomcat and keystore called mykeystore
Create a self signed cert.. used the default password changeit

I then created a CSR from using the keystore.. Imported the signed cert from 
the external CA into the keystore mykeystore

did a -list -keystore mykeystore and it should be the cert..

I then added the attributes to my server.xml file to use point to the new 
mykeystore location with password.. saved and started up tomcat

For some reason it's still looking at the self signed cert and not the new 
one.

What exactly is it looking at?

What am I doing wrong?

Thanks,
Roh

_
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: why doesn't tomcat see my correct keystore?

[Rob Lagana]

I found out that tomcat was looking at the .keystore default...
However I specified in the server.xml file the below and tomcat just ignores 
it.

The traditional:

!--  Define a SSL Coyote HTTP/1.1 Connector on port 443
 --
- Connector className=org.apache.coyote.tomcat4.CoyoteConnector 
port=443 minProcessors=5 maxProcessors=75 enableLookups=true 
acceptCount=100 debug=0 scheme=https secure=true 
useURIValidationHack=false disableUploadTimeout=true
 Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory 
clientAuth=false protocol=TLS /
 Parameter Name=keystore Value=C:/keystore/newstore /
 Parameter Name=keypass Value=changeit /
 /Connector


It sees the HTTPS port 443 but ignores the keystore and keypass parameters.. 
I also tried:

!--  Define a SSL Coyote HTTP/1.1 Connector on port 443
 --
- Connector className=org.apache.coyote.tomcat4.CoyoteConnector 
port=443 minProcessors=5 maxProcessors=75 enableLookups=true 
acceptCount=100 debug=0 scheme=https secure=true 
useURIValidationHack=false disableUploadTimeout=true
 Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory 
clientAuth=false protocol=TLS /
 keystoreFile=C:/keystore/newstore keystorePass=changeit /
 Parameter Name=keypass Value=changeit /
 /Connector

Tomcat still does not read the values. It keeps looking at the .keystore 
file located in c:\documents and settings\admin\

Where can I change this path??

Thanks,
Rob








==

Hello,

Using tomcat 4.1 on a Windows 2000 sp3 system
Used keytool to generate the alias tomcat and keystore called mykeystore
Create a self signed cert.. used the default password changeit

I then created a CSR from using the keystore.. Imported the signed cert from 
the external CA into the keystore mykeystore

did a -list -keystore mykeystore and it should be the cert..

I then added the attributes to my server.xml file to use point to the new 
mykeystore location with password.. saved and started up tomcat

For some reason it's still looking at the self signed cert and not the new 
one.

What exactly is it looking at?

What am I doing wrong?

Thanks,
Roh

_
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   
mailto:[EMAIL PROTECTED]
For additional commands, e-mail: 
mailto:[EMAIL PROTECTED]


_
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: why doesn't tomcat see my correct keystore?

[Rob Lagana]

I solved the problem. This apparently works fine..and uses the .keystore 
that I am actually specifying in the server.xml.

See procedures below:


I created a new keystore file but this time I specified the directory to be 
saved in and not the default dir..

such as

C:\keytool -genkey -alias myalias -keyalg RSA -keystore c:\.mykeystore
Enter keystore password:  password

server.xml config as such:

!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --

   Connector className=org.apache.coyote.tomcat4.CoyoteConnector
  port=443 minProcessors=5 maxProcessors=75
  enableLookups=true
	   acceptCount=100 debug=0 scheme=https secure=true
  useURIValidationHack=false disableUploadTimeout=true
 Factory 
className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory
  clientAuth=false protocol=TLS
	   keystoreFile=C:\.mykeystore keystorePass=password /
   /Connector

_
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]