Hi all,
I'm a bit confused here with tomcat and SSL.
I've generated a key using keytool -genkey -alias tomcat -keyalg RSA as
described in the tomcat faq. This works fine, although the certificate
appears as "signed by an unknown source", and we really need it to just
plop straight into https without any warnings appearing on the users'
screens...
So I've looked at OpenSSL, and generated a key and signing-request, and
got a certificate via verisign, using openssl req -new -out REQ.csr
-keyout KEY.key, again, as in the tomcat faqs.
Whether I put this resulting key through verisign's "free trial" signing
process, or self-sign it with openssl req -x509 -in REQ.csr -key KEY.key
-out CERT.pem, I then install it into the keytool using keytool -import -v
trustcacerts -alias tomcat -file CERT.pem.
If I then visit the site with netscape, I get the error: Netscape and this
server cannot communicate securely because they have no common encryption
algorithm(s). While internet explorer comes up with no sensible error, but
doesn't work with https.
Does anyone have any ideas what I am doing wrong with this method - it
seems somehow the key generated with openssl is not of the right format
for netscape/ie to understand, yet the one made with keytool -genkey works
fine; - but both are exactly to the letter from the tomcat faq's...
If I cannot get openssl to operate with it correctly, is there a way to
export the key from keytool? - I've only really found it possible to
export the certificate, but not the private key, if it is generated that
way...
Before I go completely insane, has anyone else had any experience of these
problems?
Thanks!!!
--
Regards
Steve Smale
Java Developer
Hugh Symons Information Management
Telephone: 0870 849 0220
Facsimile: 0870 849 0221
www.hughsymons.com
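
The following is an added example, not part of the original post. It shows what keytool records when a certificate whose private key was created by OpenSSL is imported into a keystore that holds no matching key pair: the entry is a certificate-only trustedCertEntry, while bundling KEY.key and CERT.pem into a PKCS12 file gives an entry that carries the private key. The password, subject, keystore file names and function names are constructed for the example, and the two openssl req steps from the post are collapsed into one call.

```shell
#!/bin/sh
# Added example. Alias "tomcat" follows the post; the password, subject and
# keystore file names are constructed sample values.
PASS=changeit

# Classify the keystore entry behind an alias from `keytool -list` output.
# $1 = keystore file, $2 = alias, $3 = optional store type (e.g. PKCS12)
entry_type() {
    out=$(keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" \
          ${3:+-storetype "$3"} 2>/dev/null) || true
    case "$out" in
        *trustedCertEntry*) echo cert-only ;;     # certificate, no private key
        *[Kk]eyEntry*)      echo private-key ;;   # key pair plus certificate
        *)                  echo missing ;;       # no such alias or keystore
    esac
}

# The OpenSSL path: key and self-signed certificate are created outside the
# keystore, then only the certificate is imported with keytool.
import_cert_only() {   # $1 = working directory
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
          -keyout KEY.key -out CERT.pem 2>/dev/null &&
      keytool -import -noprompt -trustcacerts -alias tomcat -file CERT.pem \
          -keystore imported.jks -storepass "$PASS" >/dev/null 2>&1 )
    entry_type "$1/imported.jks" tomcat
}

# Bundle the OpenSSL key with its certificate so the key travels with it.
bundle_pkcs12() {      # $1 = working directory holding KEY.key and CERT.pem
    ( cd "$1" &&
      openssl pkcs12 -export -in CERT.pem -inkey KEY.key -name tomcat \
          -out tomcat.p12 -passout "pass:$PASS" )
    entry_type "$1/tomcat.p12" tomcat PKCS12
}

# Run as: sh script.sh demo
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d)
    echo "keytool -import of CERT.pem: $(import_cert_only "$dir")"
    echo "openssl pkcs12 -export:      $(bundle_pkcs12 "$dir")"
    rm -rf "$dir"
fi
```

A server that is handed the first keystore has a certificate but no key to negotiate with. The keytool-only alternative is to generate the key pair with keytool -genkey, create the request with keytool -certreq, and import the signed reply under the same alias.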