Playing around with Tomcat/SSL (no Apache) and am having a problem hitting a secure page if the certificate was imported. At first I thought it was a problem with the Verisign test certificate, but if I create a key with -genkey (which works fine), export it, then import it, I have a problem hitting the secure page.

Here is the series of events to duplicate:

- Create the key: keytool -genkey -alias tomcat -keyalg RSA
- Start Tomcat and test SSL by hitting https://localhost:8443 (page loads fine)
- Export the generated key: keytool -export -v -file export.cert -alias tomcat
- Delete the existing key: keytool -delete -alias tomcat
- Import the key: keytool -import -v -trustcacerts -file export.cert -alias tomcat
- Restart Tomcat
- Test hitting same SSL page: Page doesn't come up.

With debugs turned on I see the following handshake error in the console:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[EmbeddedTomcat] Thread-29, READ: SSL v3.0 Handshake, length = 85
[EmbeddedTomcat] *** ClientHello, v3.0
RandomCookie: GMT: 893495682 bytes = { 102, 116, 141, 221, 165, 181, 15, 239, 0, 124, 42, 42, 154, 126, 160, 241, 45, 203, 148, 236, 162, 155, 198, 169, 9, 194, 82, 45[EmbeddedTomcat] }
Session ID: [EmbeddedTomcat] {59, 30, 11, 188, 5, 132, 214, 51, 19, 148, 194, 181, 128, 47, 236, 94, 112, 99, 131, 88, 222, 2, 98, 172, 83, 12, 246, 170, 60, 118, 167, 10}
Cipher Suites: { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99[EmbeddedTomcat] }
Compression Methods: { 0[EmbeddedTomcat] }
[EmbeddedTomcat] ***
[EmbeddedTomcat] [read] MD5 and SHA1 hashes: len = 85
0000: 01 00 00 51 03 00 35 42 AA 82 66 74 8D DD A5 B5 ...Q..5B..ft....
0010: 0F EF 00 7C 2A 2A 9A 7E A0 F1 2D CB 94 EC A2 9B ....**....-.....
0020: C6 A9 09 C2 52 2D 20 3B 1E 0B BC 05 84 D6 33 13 ....R- ;......3.
0030: 94 C2 B5 80 2F EC 5E 70 63 83 58 DE 02 62 AC 53 ..../.^pc.X..b.S
0040: 0C F6 AA 3C 76 A7 0A 00 0A 00 64 00 62 00 03 00 ...<v.....d.b...
0050: 06 00 63 01 00 ..c..
[EmbeddedTomcat] %% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-29, SEND SSL v3.0 ALERT: fatal, [EmbeddedTomcat] description = handshake_failure
[EmbeddedTomcat] Thread-29, WRITE: SSL v3.0 Alert, length = 2
2001-06-06 07:15:39 - Ctx( ): 400 R( /) null
2001-06-06 07:15:39 - Ctx( ): IOException in: R( /) Socket closed
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Am I missing something with the import? If I delete and run -genkey again it works OK again. Just cannot get the import working. Same result when importing a Verisign test certificate.

Has anyone been able to import a certificate and get it to work? Any help/suggestions much appreciated.

Regards
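
An added example, not part of the original post: `keytool -export` writes only the certificate, so after `-delete` and `-import` the `tomcat` alias is a trusted-certificate entry with no private key, and an SSL connector needs a key entry. The script below classifies an alias from `keytool -list` output; the function names are hypothetical and the two sample listings are constructed.

```shell
#!/bin/sh
# Print "key", "cert-only" or "missing" for alias $1, reading `keytool -list`
# output on stdin. Entry lines have the form:  alias, <date>, <entry type>,
entry_kind() {
    awk -v want="$1" -F', *' '
        BEGIN { kind = "missing" }
        $1 == want {
            n = NF
            while (n > 1 && $n == "") n--   # drop empty field after trailing comma
            if ($n == "keyEntry" || $n == "PrivateKeyEntry") kind = "key"
            else if ($n == "trustedCertEntry") kind = "cert-only"
        }
        END { print kind }'
}

# Succeeds only when the alias holds a private key, which an SSL connector needs.
tls_ready() {
    [ "$(entry_kind "$1")" = "key" ]
}

# Constructed listings (not from the original post); fingerprints are placeholders.
after_genkey='Keystore type: jks
Your keystore contains 1 entry

tomcat, Jun 6, 2001, keyEntry,
Certificate fingerprint (MD5): <placeholder>'

after_import='Keystore type: jks
Your keystore contains 1 entry

tomcat, Jun 6, 2001, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

for state in after_genkey after_import; do
    eval "listing=\$$state"
    printf '%s: tomcat is %s\n' "$state" "$(printf '%s\n' "$listing" | entry_kind tomcat)"
done

# Against a real keystore (assumes the default ~/.keystore, as in the post):
#   keytool -list | tls_ready tomcat || echo "no private key under alias tomcat"
```

Older JDKs label a key pair `keyEntry` and newer ones `PrivateKeyEntry`; the function accepts both.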
