Hello,
I think I just posted an answer to this one (answered
my own question from a while ago), but for some reason
I can't find it in the newsgroup. Anyway, to create a
self signed key, do this with Suns Java SDK 1.4.0 (I
couldn't get it to work with 1.3.1 because jsse is not
default with this sdk and I think some important certs
were missing from the cacerts file).
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg
RSA -keystore $JAVA_HOME/jre/lib/security/cacerts
Then make sure you put the location of the cacerts
(and password if needed) file in the conf/server.xml.
Mine looks like this.
<Connector
className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5"
maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="99"
scheme="https" secure="true">
<Factory
className="org.apache.catalina.net.SSLServerSocketFactory"
keystoreFile="/usr/local/java/j2sdk1.4.0/jre/lib/security/cacerts"
keystorePass="changeit"
clientAuth="false" protocol="TLS"/>
</Connector>
Hope this helps,
Ryan
--- [EMAIL PROTECTED] wrote:
>
> Hello,
>
> I have been some problems with import SSL CA
> Certificates on Tomcat4. It
> just doesn�t running!!
>
> I generated a key with openssl e send it to
> authority VeriSign that send me
> two files with the certificate. Then I have three
> files:
> cetipnet.key (The public key I generated by openssl)
> cetipnet.crt (The certificate sent to me by
> Verisign)
> cetipnet.ca.crt (valid certificate by Certification
> Authority)
>
> I try do the following commands:
>
> keytool -import -v -trustcacerts -alias tomcat -file
> cetipnet.crt
>
> Then , when I start the tomcat and see by page
> https://localhost:8443
> occurs error sayind that the page connot appears.
>
> I would like to know if there is some way to import
> valid certificate by
> Certification Authority (not selfSign) and how can I
> install it.
>
> When I try to generate a SSL certificate (RSA) for
> tomcat 4.0 it works
> fine!! But I need to import a trusted CA Certificate
> from VeriSign and it
> didn�t work.
>
> Could you help me please?
>
>
> --
> To unsubscribe:
> <mailto:[EMAIL PROTECTED]>
> For additional commands:
> <mailto:[EMAIL PROTECTED]>
> Troubles with the list:
> <mailto:[EMAIL PROTECTED]>
>
__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
