Here they are
(all the files I have generated with these openssl commands)
> can u send ur server,client,ca certs?
>
> Rams
> +91-040-3000401 x 2162 (O)
> +91-040-6313447 (R)
>
>
> -----Original Message-----
> From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 14, 2001 7:27 PM
> To: [EMAIL PROTECTED]
> Subject: SSL handshake failure URGENT
>
>
> Hello,
>
> I get no responses for my previous mails... so maybe I did not contact the
> good mailing list. Please give me a start of a response...
>
> Hello,
> I have a cert importation problem
>
> here is the output of an openSSL client command [which emulates a browser]
> (openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key
> cl_key.pem -state) :
>
> Enter PEM pass phrase:
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:error in SSLv2/v3 read server hello A
> 1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake failure:s23_clnt.c:453:
>
> Can someone help me ?
> Is there a way to make it work without installing apache ?
> Thanks for your answer
>
>
>
>
> I have this tomcat configuration :
>
>
> <Connector className="org.apache.tomcat.service.PoolTcpConnector">
>     <Parameter name="handler"
>         value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
>     <Parameter name="port"
>         value="8443"/>
>     <Parameter name="socketFactory"
>         value="org.apache.tomcat.net.SSLSocketFactory" />
>     <Parameter name="keystore"
>         value="/opt/tomcat-3-2-2/tomcat/conf/keystore" />
>     <Parameter name="keypass"
>         value="pwd_sr" />
>     <Parameter name="clientAuth"
>         value="true" />
> </Connector>
>
>
> And these are all the lines of the procedure I entered to make it work
>
> mkdir ./demoCA
> echo "" > ./demoCA/index.txt
> echo "01" > ./demoCA/serial
>
> # CA
> openssl req -new -out ca_req.pem -keyout ca_key.pem
> #pwd:pwd_ca
> #challenge_pwd:ch_ca
> #company name:THE_ORG
>
> # CLIENT
> openssl req -new -out cl_req.pem -keyout cl_key.pem
> #pwd:pwd_cl
> #ch_pwd:ch_cl
> #company name:THE_ORG
> # SERVER
> openssl req -new -out sr_req.pem -keyout sr_key.pem
> #pwd:pwd_sr
> #ch_pwd:ch_sr
> #company name:THE_ORG
> # CA AUTH
> echo "CA AUTH : enter CA password"
> openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
> #pwd:pwd_ca
> rm ./demoCA/index.txt
> rm ./demoCA/serial
> cat "" > ./demoCA/index.txt
> cat "01" > ./demoCA/serial
>
> # CLIENT AUTH BY CA
> echo "CL AUTH : enter CA password"
> openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem -keyfile
> ca_key.pem -config /usr/local/ssl/openssl.cnf
> #pwd:pwd_ca
>
> # SERVER AUTH BY CA
> echo "SR AUTH : enter CA password"
> openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem -keyfile
> ca_key.pem -config /usr/local/ssl/openssl.cnf
> #pwd:pwd_ca
>
> # CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
> openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der
>
> # REMOVE PREVIOUS KEYSTORE
> rm /opt/tomcat-3-2-2/tomcat/conf/keystore
>
> # IMPORT SERVER CERT IN TOMCAT KEYSTORE
> echo "IMPORT SR CERT : enter SR password"
> /usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias tomcat -file
> sr_cert.der -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore
> #pwd:pwd_sr
>
> # CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
> echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
> openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12
> #pwd:pwd_cl
> #exp_pwd:pwd_cl
>
> # CONNECTION TO THE TOMCAT SERVER
> openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key
> cl_key.pem -state
> __________________________________________________
> Voila offers you a free mailbox on Voila Mail:
> http://mail.voila.fr
>
>
>
certs.zip
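
Added example, not part of the original thread and not code from either poster: a check of what kind of entry the `tomcat` alias holds after the `keytool -import` step quoted above. A certificate imported on its own is stored as a trusted-certificate entry, while an SSL server socket needs a key entry (private key plus certificate). The function names and sample listings are constructed, and the entry-type strings are assumed to be those keytool prints (`keyEntry` in older JDKs, `PrivateKeyEntry` in newer ones).

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a keystore alias from
# `keytool -list` output read on stdin:
#   key     - private key + certificate (what an SSL server socket needs)
#   trusted - certificate only, no private key
#   missing - alias not listed
entry_kind() {
    awk -F', *' -v a="$1" '
        # Entry lines look like: <alias>, <date>, <entry type>,
        tolower($1) == tolower(a) {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(keyEntry|PrivateKeyEntry)$/) { kind = "key" }
                if ($i == "trustedCertEntry")            { kind = "trusted" }
            }
        }
        END { print (kind == "" ? "missing" : kind) }
    '
}

# Succeeds only when the alias holds a private key.
server_alias_ok() {
    [ "$(entry_kind "$1")" = "key" ]
}

# Constructed listings (not captured from a real keystore).
SAMPLE_CERT_ONLY='Keystore type: jks

Your keystore contains 1 entry

tomcat, Jun 14, 2001, trustedCertEntry,'

SAMPLE_WITH_KEY='Keystore type: jks

Your keystore contains 1 entry

tomcat, Jun 14, 2001, keyEntry,'

for sample in "$SAMPLE_CERT_ONLY" "$SAMPLE_WITH_KEY"; do
    printf 'alias tomcat: %s\n' "$(printf '%s\n' "$sample" | entry_kind tomcat)"
done

# Against a real keystore (path taken from the thread):
#   keytool -list -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore | entry_kind tomcat
```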