Hi all, New to SSL, not tomcat. :-)
ENV: Tomcat 5.0, JDK 1.4.2_04-b05, Win XP

I followed everything on http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

I did the following:

1. keytool -genkey -keyalg "RSA" -keystore chap8.keystore -storepass changeit

2. keytool -certreq -keyalg "RSA" -file breaker.csr -keystore keystore

3. I copied the content of the .csr and added it to the form on https://www.thawte.com/cgi/server/try.exe

4. It generated the content for a .cer file.

5. keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file breaker.cer

6. I changed the server.xml by commenting out the <Connector port=8080 .../> & uncommented <Connector port=8443..../>.

7. I added keystoreFile="conf/keystore", keystorePass="changit", keystoreType="jks" and clientAuth="true" to the <Connector port=8443 ..../>

8. I downloaded and installed the Test Root Certificates from Thawte and installed them on Mozilla FireFox.

9. Start Tomcat and hit the https://breaker:8443/myApp/etc... and I get the following error:

   [ERROR] sun.security.validator.ValidatorException: No trusted certificate found: unable to load file https://breaker:8443/myApp/services/print.wsdl
   FATAL!!! Error connecting to Services
   FATAL [http-8443-Processor24] (RequestControllerServlet.java:165) - "Error Binding to the Service"

10. If I put JAVA_OPTS=-Djavax.net.ssl.trustStore=C:/Tomcat5.0/conf/keystore -Djavax.net.ssl.keyStorePassword=changeit in the Catalina.bat, I get a dialog stating 'Could not establish an encrypted connection because your certificate was reject by breaker. Error Code: -12271.'

11. If I change clientAuth="want", it works but I don't see the dialog prompting me about the certificate.

What am I doing wrong? Is this correct behavior?

Thanks.