Re: SSL is not working

2017-08-04 Thread Christopher Schultz

M.,

On 8/4/17 12:16 PM, M. Manna wrote:
> Have you imported the signed server certificate into the server
> keystore with all the root+intermediate certificates? in other
> words, does the "chain-of-trust" exist in server keystore?
> 
> You just need to add the root and intermediate CA certs to trust
> store - any server certs signed by them is by default, trusted.

No, you definitely don't want to mess around with any trust stores.

Here are the instructions I always follow when using Java keystores
(which are in fact so awful that even Java is giving up on them[1]),
copied directly from my corporate wiki page on the subject (which I
wrote because I can never remember all the steps):

== Create a New Server Key & Certificate with Java's Keytool

Make sure to use Java's keytool with a Java version 1.6 or better.

 $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096 -alias ${HOSTNAME} -keystore ${HOSTNAME}.jks

== Generate a CSR to send to a CA using Java's Keytool

 $ keytool -certreq -sigalg SHA256withRSA -keystore ${HOSTNAME}.jks

If you have more than one certificate in there, you'll need to use the
"-alias" option.

== Import a Signed Certificate into your Keystore

You'll need to import the root and intermediate certificates from the
CA first:

 $ keytool -import -alias [Authority.CA] -trustcacerts -file [authority's CA cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias [Authority.intermediate] -trustcacerts -file [authority's intermediate cert] -keystore ${HOSTNAME}.jks
 $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore ${HOSTNAME}.jks

Note that the order of import matters. If you do this in the opposite
order, I think your server catches fire instantly. Java keystores are
*just that bad*.

Hope that helps,
-chris

[1] http://openjdk.java.net/jeps/229

> On 4 August 2017 at 17:09, Hameed, Amir wrote:
> 
>> Hi, I am trying to configure Tomcat 8.0.36 with SSL and running
>> into some issues. The JDK version I am using is 1.8.0_64. I used
>> the following process to implement SSL:
>> 
>> 1.   Generated a java key store using the following command: 
>> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA
>> -keysize 2048 \ -keystore [key-store-path]/keystore.jks -dname
>> "CN=[common-name],OU=[org-unit], O=[company-name], L=[city],
>> ST=[state], C=US"
>> 
>> 
>> 2.   Generated CSR using the following command: 
>> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file 
>> [key-store-path]/[csr-file-name] \ -keystore
>> [key-store-path]/keystore.jks
>> 
>> 
>> 3.   Requested certificate from COMODO.
>> 
>> 4.   Imported all Trusted certificates from COMODO into the
>> key store using command. There were a total of three trusted
>> certificates that we received from COMODO: 
>> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias
>> [alias-name] -file [ssl-cert-file] -keystore
>> [key-store-path]/keystore.jks -v
>> 
>> 
>> 5.   Modified Tomcat's server.xml file as shown below:
>> 
>> > 
>> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
>> 
>> clientAuth="false" sslProtocol="TLS"
>> 
>> keystoreFile="[key-store-path]/keystore.jks"
>> 
>> keystoreType="JKS" keystorePass="[key-store-password]" />
>> 
>> 
>> 
>> 6.   Restarted Tomcat.
>> 
>> 7.   Accessed the Tomcat homepage from the browser using
>> https and the browser complained about page being insecure. When
>> I looked at the certificate from the browser, I see that the
>> Certificate Path tab of the certificate shows that the trusted
>> chain is incomplete and does not show the trusted certificates
>> that I had imported into the key store.
>> 
>> What am I missing here? Any help will be appreciated.
>> 
>> 
>> Thank you, Amir
>> 
>> 
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: SSL is not working

2017-08-04 Thread M. Manna
My bad - you can ignore my previous email - I was thinking about some other
scenario.

If the message says "Trusted Chain is Incomplete" - that means that your
browser's certificate store doesn't have the updated information regarding
root+intermediate CA certs. If you have imported all the certificates
correctly to your server keystore this shouldn't be happening.
Check this post to see if you find any missing steps -
https://www.digicert.com/util/repair-intermediate-ssl-certificate-errors-using-digicert-utility-for-microsoft-servers.htm

Regards,

On 4 August 2017 at 17:38, M. Manna <manme...@gmail.com> wrote:

> if you are testing locally (i.e. on localhost) you might want to check if
> the root and intermediate CA exists. Or just import it
> 1. Find out where your jdk is - say JDK_PATH
> 2. keep a backup copy somewhere for JDK_PATH\jre\lib\security\cacerts
> 3. run the following command for each root/intermediate CA cert
> keytool -import -trustcacerts -keystore JDK_PATH\jre\lib\security\cacerts -storepass changeit -noprompt -file CA_FILE_LOCATION
>
> Restart your tomcat. and check.


Re: SSL is not working

2017-08-04 Thread Chaitanya Sabbineni
Hi,

Please try to import the certificate into the browser.

Truststore and keystore are not different; it depends on the name you give.
Example: tomcat_keystore.keystore or tomcat_trust.keystore and need to
provide the respective path and the password in the keystore.

Please make sure that the same alias name has to be used throughout the process.

Please make sure if your keystore contains any private key entries using the
keytool -list -v command. If you had imported proper ssl cert with proper
alias name then ideally you should have private key entry over here.

Thanks


On Fri, 4 Aug 2017 9:53 pm Hameed, Amir, <amir.ham...@xerox.com> wrote:

> Thank you for your reply. Please see my answers below:
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
> >> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt
> + AddTrustExternalCARoot.crt +
> COMODORSAOrganizationValidationSecureServerCA.crt) into the server key
> store along with the signed server certificate.
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
> >> I am new to Tomcat. Where can I find the trust store and is it separate
> from the server key store?
>
> Thanks
>
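
Added example, not part of any post in this thread: a shell function that reads `keytool -list -v` output and reports, per alias, whether the private key entry carries a CA chain, which is the state that the import order in Christopher Schultz's reply and the `keytool -list -v` check in the message above are meant to produce. The function name, verdict labels, aliases and distinguished names in the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin, prints one line per
# alias. A JSSE server presents only the chain attached to its PrivateKeyEntry;
# trustedCertEntry aliases are never sent to clients.
# Real use:  keytool -list -v -keystore "${HOSTNAME}.jks" | audit_listing
audit_listing() {
    awk '
        function report() {
            if (alias == "") return
            if (type != "PrivateKeyEntry") {
                printf "%s %s TRUST_ONLY\n", alias, type
                return
            }
            if (chain >= 2)           verdict = "CHAIN_ATTACHED"
            else if (owner == issuer) verdict = "SELF_SIGNED"
            else                      verdict = "LEAF_ONLY"
            printf "%s %s chain=%d %s\n", alias, type, chain, verdict
        }
        /^Alias name: / {
            report()
            alias = substr($0, 13); type = ""; chain = 0; owner = ""; issuer = ""
            next
        }
        /^Entry type: /               { type = substr($0, 13); next }
        /^Certificate chain length: / { chain = $NF + 0; next }
        # Only the first Owner/Issuer pair after an alias is the leaf.
        /^Owner: /  { if (owner == "")  owner  = substr($0, 8); next }
        /^Issuer: / { if (issuer == "") issuer = substr($0, 9); next }
        END { report() }
    '
}

# Constructed listing: the key entry still holds the self-signed certificate
# made by -genkey; the CA and server certificates sit under other aliases.
sample_before() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=www.example.test, O=Example

Alias name: ca-root
Entry type: trustedCertEntry

Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: server-cert
Entry type: trustedCertEntry

Owner: CN=www.example.test, O=Example
Issuer: CN=Example Intermediate CA
EOF
}

# Constructed listing: the signed certificate was imported under the key alias,
# so the chain up to the root is attached to the private key entry.
sample_after() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}

echo "before:"; sample_before | audit_listing
echo "after:";  sample_after  | audit_listing
```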


Re: SSL is not working

2017-08-04 Thread M. Manna
if you are testing locally (i.e. on localhost) you might want to check if
the root and intermediate CA exists. Or just import it
1. Find out where your jdk is - say JDK_PATH
2. keep a backup copy somewhere for JDK_PATH\jre\lib\security\cacerts
3. run the following command for each root/intermediate CA cert
keytool -import -trustcacerts -keystore JDK_PATH\jre\lib\security\cacerts -storepass changeit -noprompt -file CA_FILE_LOCATION

Restart your tomcat. and check.



On 4 August 2017 at 17:23, Hameed, Amir <amir.ham...@xerox.com> wrote:

> Thank you for your reply. Please see my answers below:
>
> Have you imported the signed server certificate into the server keystore
> with all the root+intermediate certificates? in other words, does the
> "chain-of-trust" exist in server keystore?
> >> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt
> + AddTrustExternalCARoot.crt + 
> COMODORSAOrganizationValidationSecureServerCA.crt)
> into the server key store along with the signed server certificate.
>
> You just need to add the root and intermediate CA certs to trust store -
> any server certs signed by them is by default, trusted.
> >> I am new to Tomcat. Where can I find the trust store and is it separate
> from the server key store?
>
> Thanks


RE: SSL is not working

2017-08-04 Thread Hameed, Amir
Thank you for your reply. Please see my answers below:

Have you imported the signed server certificate into the server keystore with 
all the root+intermediate certificates? in other words, does the 
"chain-of-trust" exist in server keystore?
>> Yes, I have imported all trusted certificates (COMODORSAAddTrustCA.crt + 
>> AddTrustExternalCARoot.crt + 
>> COMODORSAOrganizationValidationSecureServerCA.crt) into the server key store 
>> along with the signed server certificate.

You just need to add the root and intermediate CA certs to trust store - any 
server certs signed by them is by default, trusted.
>> I am new to Tomcat. Where can I find the trust store and is it separate from 
>> the server key store?

Thanks
-Original Message-
From: M. Manna [mailto:manme...@gmail.com] 
Sent: Friday, August 4, 2017 12:16 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SSL is not working

Have you imported the signed server certificate into the server keystore with 
all the root+intermediate certificates? in other words, does the 
"chain-of-trust" exist in server keystore?

You just need to add the root and intermediate CA certs to trust store - any 
server certs signed by them is by default, trusted.





Re: SSL is not working

2017-08-04 Thread M. Manna
Have you imported the signed server certificate into the server keystore
with all the root+intermediate certificates? in other words, does the
"chain-of-trust" exist in server keystore?

You just need to add the root and intermediate CA certs to trust store -
any server certs signed by them is by default, trusted.


On 4 August 2017 at 17:09, Hameed, Amir  wrote:

> Hi,
> I am trying to configure Tomcat 8.0.36 with SSL and running into some
> issues. The JDK version I am using is 1.8.0_64. I used the following
> process to implement SSL:
>
> 1.   Generated a java key store using the following command:
> ${JAVA_HOME}/bin/keytool -genkey -alias [alias-name] -keyalg RSA -keysize
> 2048 \
> -keystore [key-store-path]/keystore.jks -dname 
> "CN=[common-name],OU=[org-unit],
> O=[company-name], L=[city], ST=[state], C=US"
>
>
> 2.   Generated CSR using the following command:
> ${JAVA_HOME}/bin/keytool -certreq -alias [alias-name] -file
> [key-store-path]/[csr-file-name] \
> -keystore [key-store-path]/keystore.jks
>
>
> 3.   Requested certificate from COMODO.
>
> 4.   Imported all Trusted certificates from COMODO into the key store
> using command. There were a total of three trusted certificates that we
> received from COMODO:
> ${JAVA_HOME}/bin/keytool -import -trustcacerts -alias [alias-name] -file
> [ssl-cert-file] -keystore [key-store-path]/keystore.jks -v
>
>
> 5.   Modified Tomcat's server.xml file as shown below:
>
> 
>maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>
>clientAuth="false" sslProtocol="TLS"
>
>keystoreFile="[key-store-path]/keystore.jks"
>
>keystoreType="JKS" keystorePass="[key-store-password]" />
>
>
>
> 6.   Restarted Tomcat.
>
> 7.   Accessed the Tomcat homepage from the browser using https and the
> browser complained about page being insecure. When I looked at the
> certificate from the browser, I see that the Certificate Path tab of the
> certificate shows that the trusted chain is incomplete and does not show
> the trusted certificates that I had imported into the key store.
>
> What am I missing here? Any help will be appreciated.
>
>
> Thank you,
> Amir
>
>


Re: SSL configuration - Not working

2013-07-25 Thread André Warnier

Yuvapriya s wrote:

> Hi,
>
> We had done split deployment of apache and tomcat and we are trying to
> configure ssl on apache.
> Modified the httpd_ssl.conf file and uncommented the lines to include
> mod_ssl.so and the conf file in httpd.conf and restarted apache.
>
> Now we are getting below errors while loading the url
> https:servername/BOE/CMC - HTTP 403 Forbidden Error
> https:Servername/BOE/BI - HTTP 404 Not Found
>
> When checked on the logs, found the below error messages.
> [client ::1] Directory index forbidden by Options directive: G:/Program
> Files (x86)/Apache Software Foundation/Apache2.2/htdocs/BOE/CMC/
> [client ::1] File does not exist: G:/Program Files (x86)/Apache Software
> Foundation/Apache2.2/htdocs/BOE/BI
>
> Could you please help on what needs to be done to resolve the same?



Yes. You should probably post this on the Apache httpd list, not here.
This is the Apache Tomcat list, and your problem seems to be with Apache httpd, as far as 
I can tell from the above.


Note that the errors above do not seem to be related to SSL per se. It seems more like an 
incorrect configuration of your Directory sections in httpd.conf.

The error messages themselves are also rather explicit about what is wrong.





Re: SSL is not working in Java Mobile Applications

2009-04-02 Thread Christopher Schultz

Siva,

On 4/2/2009 9:34 AM, SivaKumarl wrote:
> I am developing java mobile application using XHTML-MP, I generate a
> key store file and configured in Tomcat Server.xml it is working fine
> in browsers but while accessing through mobile I am getting error
> screen Security error: Untrusted Server certificate.

Perhaps your mobile devices don't have the latest set of top-level
and/or intermediate CA certs installed.

> I checked with remaining https urls they are working fine in mobile,
> Please suggest to generate keystore file for mobiles and how access
> in mobiles.

What type of SSL cert do you have? Do you have one of the newfangled EV
certs? If so, it's possible your clients are missing the right certs
from the CA that build the proper trust chain. Your only possibility in
that case would be to get an older-style certificate which uses an older
(and more wide-spread) CA cert.

Try doing this:

1. Visit your website using a browser and bring up the details for the
SSL certificate so you can see the chain of certs from the top-level
(something like VeriSign or Thawte) all the way down to yours.

2. Do the same thing with /another/ site that appears to work on your
mobile device.

3. Compare the two certificate chains to see what the differences are.

Do you find any differences? If you can't tell, post back with all the
details.

-chris