> Did you set correctly the SERVER Common Name ?
> It must match the server name (ie: mybecane.com)
First, thanks to have taken the time to help me :)
But I fear I didn't understand the answer :(
where must I enter the same name as what ?
example : I am under Linux, the hostname is "thehostname"
is that that you call server name, or is it a name that you enter in the server.xml
file (if yes with witch tag ?)
And where must I enter the same name as the servername ?
what field of witch openSSL command ?
Thanks for your answer !
JEG
> > # CA
> > openssl req -new -out ca_req.pem -keyout ca_key.pem
> > #pwd:pwd_ca
> > #challenge_pwd:ch_ca
> > #company name:THE_ORG
> >
> > # CLIENT
> > openssl req -new -out cl_req.pem -keyout cl_key.pem
> > #pwd:pwd_cl
> > #ch_pwd:ch_cl
> > #company name:THE_ORG
> > # SERVER
> > openssl req -new -out sr_req.pem -keyout sr_key.pem
> > #pwd:pwd_sr
> > #ch_pwd:ch_sr
> > #company name:THE_ORG
> > # CA AUTH
> > echo "CA AUTH : enter CA password"
> > openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
> > #pwd:pwd_ca
> > rm ./demoCA/index.txt
> > rm ./demoCA/serial
> > cat "" > ./demoCA/index.txt
> > cat "01" > ./demoCA/serial
> >
> > # CLIENT AUTH BY CA
> > echo "CL AUTH : enter CA password"
> > openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem
> >-keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
> > #pwd:pwd_ca
> >
> > # SERVER AUTH BY CA
> > echo "SR AUTH : enter CA password"
> > openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem
> >-keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
> > #pwd:pwd_ca
> >
> > # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
> > openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der
> >
> > # REMOVE PREVIOUS KEYSTORE
> > rm /opt/tomcat-3-2-2/tomcat/conf/keystore
> >
> > # IMPORT SERVER CERT IN TOMCAT KEYSTORE
> > echo "IMPORT SR CERT : enter SR password"
> > /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias
> >tomcat -file sr_cert.der -keystore
> >/opt/tomcat-3-2-2/tomcat/conf/keystore
> > #pwd:pwd_sr
> >
> > # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
> > echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
> > openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out
> >cl_cert.p12
> > #pwd:pwd_cl
> > #exp_pwd:pwd_cl
> >
> > # CONNECTION TO THE TOMCAT SERVER
> > openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem
> >-key cl_key.pem -state
__________________________________________________
Voila vous propose une boite aux lettres gratuite sur Voila Mail:
http://mail.voila.fr
