That's great advice but it doesn't answer my basic question of whether or not I can import a certificate that was issued based on a request generated by IIS.
rjsjr

> My experience was that using IIS with Tomcat was very slow
> and it is a pain in the neck to tackle the ISAPI
> connector and the rest. It is better to have either
> Apache or directly use Tomcat servers.
>
> -----Original Message-----
> From: Robert J. Sanford, Jr. [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 08, 2003 6:11 PM
> To: [EMAIL PROTECTED]
> Subject: Installing IIS Certificates in Tomcat?
>
> > I'm running Tomcat inside of jboss-3.2.1_tomcat-4.1.24
> > but I think the issue will be the same independent of
> > that. The platform is Win2K SP3. The plan is to use
> > Tomcat's HTTP server instead of IIS with the AJP ISAPI
> > connector. Since all requests are being handled by
> > servlets with no static content why even get IIS
> > involved? Anyway...
> >
> > I attempted to take an existing certificate whose
> > request was generated by IIS and import it into a
> > keystore and use that as the basis for my SSL
> > crypto. When I attempted to connect via IE the
> > connection failed (a site not found error) and the
> > exception tree at the bottom of this message was
> > generated. I spent a lot of time reading the JBoss
> > SSL docs, reading the Tomcat SSL docs, searching
> > the Tomcat and JBoss archives, playing with my
> > configuration, trying to figure out what ciphers
> > were installed, making sure that the CA certificate
> > (for testing we use an internal CA) was imported
> > into the keystore, etc., etc., etc. None of it
> > worked. Everything resulted in the exception chain
> > below or something similar.
> >
> > Finally I just decided to go through the instructions
> > for generating a new local key, a new certificate
> > request, get the certificate from my internal
> > certificate authority and import everything into a
> > new keystore. It worked with a minor warning saying
> > that the machine name on the certificate did not
> > match the actual machine name. I'm not sure how to
> > resolve that immediately but I don't see that as a
> > major issue right now since this is only for testing
> > purposes.
> >
> > My big questions are:
> > 1) Is there any way that I can import an
> >    existing certificate that was generated
> >    based on a request originated in IIS
> >    into my keystore and have that be
> >    accepted by Tomcat?
> > 2) Or, do I have to go to my IT manager
> >    and tell him that he needs to go to
> >    Verisign and get additional
> >    certificates for IP addresses that
> >    we already have certificates for?
> > 3) Or, should I just use IIS and the
> >    existing certificates to front Tomcat?
> >
> > Many thanks for the assist!
> >
> > rjsjr
> >
> > 2003-08-07 14:22:55,919 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
> > javax.net.ssl.SSLHandshakeException: no cipher suites in common
> >     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
> >     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
> >     at java.lang.Thread.run(Thread.java:536)
> >
> > 2003-08-07 14:22:55,939 DEBUG [org.apache.tomcat.util.net.PoolTcpEndpoint] Handshake failed
> > javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
> >     at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:290)
> >     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:540)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
> >     at java.lang.Thread.run(Thread.java:536)
