Re: PKCS#12 type SSL certificate support in Tomcat
Hi Hitesh,

I think you are supposed to add your pkcs12 key to a keystore repository (to the default alias name tomcat, of course, this can be also changed) and then reference this keystore repository from within Tomcat.

Regards,
lg

On Oct 30, 2007 3:39 AM, Hitesh Raghav [EMAIL PROTECTED] wrote:
> Hi Lucas,
>
> I'm using following <connector/> configuration:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS" />
> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>          clientAuth="false" protocol="TLS"
>          keystoreFile="keystore/.keystore" keystorePass="changeit"
>          keystoreType="pkcs12" />
>
> Please let me know in case any other details are needed.
>
> Thanks,
> -Hitesh
>
> -----Original Message-----
> From: Lucas Galfaso [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 26, 2007 7:39 PM
> To: Tomcat Users List
> Subject: Re: PKCS#12 type SSL certificate support in Tomcat
>
> Can you post the <Connector/> configuration that you are using?
>
> - lg
>
> On 10/26/07, Hitesh Raghav [EMAIL PROTECTED] wrote:
>> Dear All,
>>
>> Is there any limitation to support PKCS#12 type SSL certificate in Tomcat.
>>
>> As per Tomcat User Guide, Tomcat currently operates with JKS, PKCS11 or PKCS12 format keystores.
>> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>>
>> But, I'm unable to use PKCS#12 certificate in my Tomcat. It throws:
>>
>> java.io.IOException: Invalid keystore format
>>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
>>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>>     at java.security.KeyStore.load(KeyStore.java:1185)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
>>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
>>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
>>     at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
>>     at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
>>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
>>
>> Could you please throw some light on PKCS#12 type certificate support.
>>
>> Please let me know in case any details are needed.
>>
>> Thanks,
>> -Hitesh

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: PKCS#12 type SSL certificate support in Tomcat
Hitesh Raghav wrote:
> Hi Lucas,
>
> I'm using following <connector/> configuration:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS" />
> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>          clientAuth="false" protocol="TLS"
>          keystoreFile="keystore/.keystore" keystorePass="changeit"
>          keystoreType="pkcs12" />
>
> Please let me know in case any other details are needed.

That suggests an old Tomcat 4 version. Earlier you quoted the 5.5 docs. Which version are you actually using?

I haven't tested this with Tomcat 4 but I suspect you'll need 4.1.36 for this to work.

Mark

RE: PKCS#12 type SSL certificate support in Tomcat
Hi Lucas,

I'm using following <connector/> configuration:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
         clientAuth="false" protocol="TLS"
         keystoreFile="keystore/.keystore" keystorePass="changeit"
         keystoreType="pkcs12" />

Please let me know in case any other details are needed.

Thanks,
-Hitesh

-----Original Message-----
From: Lucas Galfaso [mailto:[EMAIL PROTECTED]
Sent: Friday, October 26, 2007 7:39 PM
To: Tomcat Users List
Subject: Re: PKCS#12 type SSL certificate support in Tomcat

Can you post the <Connector/> configuration that you are using?

- lg

On 10/26/07, Hitesh Raghav [EMAIL PROTECTED] wrote:
> Dear All,
>
> Is there any limitation to support PKCS#12 type SSL certificate in Tomcat.
>
> As per Tomcat User Guide, Tomcat currently operates with JKS, PKCS11 or PKCS12 format keystores.
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>
> But, I'm unable to use PKCS#12 certificate in my Tomcat. It throws:
>
> java.io.IOException: Invalid keystore format
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>     at java.security.KeyStore.load(KeyStore.java:1185)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
>     at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
>
> Could you please throw some light on PKCS#12 type certificate support.
>
> Please let me know in case any details are needed.
>
> Thanks,
> -Hitesh

Re: PKCS#12 type SSL certificate support in Tomcat
Can you post the <Connector/> configuration that you are using?

- lg

On 10/26/07, Hitesh Raghav [EMAIL PROTECTED] wrote:
> Dear All,
>
> Is there any limitation to support PKCS#12 type SSL certificate in Tomcat.
>
> As per Tomcat User Guide, Tomcat currently operates with JKS, PKCS11 or PKCS12 format keystores.
> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>
> But, I'm unable to use PKCS#12 certificate in my Tomcat. It throws:
>
> java.io.IOException: Invalid keystore format
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>     at java.security.KeyStore.load(KeyStore.java:1185)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
>     at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
>     at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
>
> Could you please throw some light on PKCS#12 type certificate support.
>
> Please let me know in case any details are needed.
>
> Thanks,
> -Hitesh
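
The stack trace in this thread passes through `JavaKeyStore$JKS.engineLoad`, so the JKS loader was applied to the file even though the posted configuration names `keystoreType=pkcs12`. The following is an added example, not code from any poster or from Tomcat: the class `KeystoreTypeCheck` and its methods are hypothetical names. It identifies a keystore file's format from its leading bytes and tries loading it as both JKS and PKCS12; with no arguments it uses a constructed in-memory PKCS12 store and the password `changeit` from the posted configuration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class KeystoreTypeCheck {
    // Guess the on-disk keystore format from the first bytes of the file.
    static String sniff(byte[] b) {
        if (b.length < 4) return "unknown";
        int magic = (b[0] & 0xff) << 24 | (b[1] & 0xff) << 16
                  | (b[2] & 0xff) << 8 | (b[3] & 0xff);
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        // 0x30 is the ASN.1 SEQUENCE tag that opens a DER-encoded PKCS#12 file.
        // Other DER files start the same way, so treat this as a hint only.
        if ((b[0] & 0xff) == 0x30) return "PKCS12";
        return "unknown";
    }

    // Try to load the bytes with the given keystore type and report the outcome.
    static String tryLoad(byte[] b, String type, char[] pass) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(b), pass);
            return "loaded, " + ks.size() + " entries";
        } catch (Exception e) {
            return "failed: " + e;
        }
    }

    // Usage: java KeystoreTypeCheck [keystore-file [password]]
    public static void main(String[] args) throws Exception {
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        byte[] bytes;
        if (args.length > 0) {
            bytes = Files.readAllBytes(Paths.get(args[0]));
        } else {
            // Constructed sample: an empty PKCS12 keystore built in memory.
            KeyStore p12 = KeyStore.getInstance("PKCS12");
            p12.load(null, pass);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            p12.store(out, pass);
            bytes = out.toByteArray();
        }
        System.out.println("file looks like: " + sniff(bytes));
        // "JKS" is the loader seen in the stack trace; "PKCS12" is the
        // type the posted configuration asked for.
        for (String type : new String[] {"JKS", "PKCS12"}) {
            System.out.println("load as " + type + ": " + tryLoad(bytes, type, pass));
        }
    }
}
```

If the file is reported as PKCS12 and loads under that type, the certificate file itself is usable and the remaining question is whether the running Tomcat version reads the `keystoreType` setting from where it was placed in the configuration.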