Antwort: Re: Antwort: RE: SSL, keystore with ca hierarchy

Wed, 28 Jan 2004 23:08:23 -0800 



I've done this and it does work. Now I wanted to turn client authentication
on: clientAuth="true"

But it doesn't work. I've registred the ca certificates after I've imported
the openssl certificate:
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias root
-trustcacerts -file CA_Root_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias
server_ca -trustcacerts -file CA_Server_APU.pem

BTW, I'm running Tomcat 4.1.29 and JDK 1.4.1_02.

Oliver



                                                                       
                      "Bill Barker"                                    
                      <[EMAIL PROTECTED]        An:       [EMAIL PROTECTED]
                      .com>                    Kopie:                  
                      Gesendet von:            Thema:    Re: Antwort: RE: SSL, 
keystore with ca hierarchy
                      news                                             
                      <[EMAIL PROTECTED]                                
                      rg>                                              
                                                                       
                                                                       
                      26.01.2004 00:53                                 
                      Bitte antworten                                  
                      an "Tomcat Users                                 
                      List"                                            
                                                                       
                                                                       




<broken-record>
There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your
OpenSSL certs into a JKS keystore.  Alternatively, the ssl_howto for TC 5.x
contains an example of how to configure a PKCS12 keystore from an OpenSSL
keystore.
</broken-record>

"Mark Thomas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> > I can't do step 1 and 2 because the certificate and private
> > key has been
> > created already with openssl.
> > The file TestServer_APU.pem contains the private key and
> > certificate in the
> > PEM format.
> > Should that work either?
>
> Sorry, no idea. You may need to convert formats. A quick Google found
> https://lists.freeswan.org/archives/users/2003-August/msg00040.html that
may
> help if a format conversion is required.
>
> > Does the cacerts has to be located in
> > %JAVA_HOME%\jre\lib\security\cacerts
> > or can I place it anywhere else?
>
> See http://java.sun.com/products/jsse/install.html for how to configure
trust
> store locations.
>
> Mark




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]









******************* BITTE BEACHTEN *******************
Diese Nachricht (wie auch allf�llige Anh�nge dazu) beinhaltet
m�glicherweise vertrauliche oder gesetzlich gesch�tzte Daten oder
Informationen. Zum Empfang derselben ist (sind) ausschliesslich die
genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht
irrt�mlicherweise erreicht hat, sind Sie h�flich gebeten, diese unter
Ausschluss jeder Reproduktion zu zerst�ren und die absendende Person
umgehend zu benachrichtigen. Vielen Dank f�r Ihre Hilfe.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]















    











					Reply via email to