Just hit the solution to the problem Here is the steps to get it working, let me know if it works for you 1) keytool -genkey -keyalg RSA -alias tomcat -keystore ./.keystore 2) keytool -certreq -alias tomcat -keyalg RSA -file <myhostname>.csr -keystore keystore 3) Got the csr file signed by verisign
3a) The $JAVA_HOME/jre/lib/security/cacerts file should contain the CA Certificate. Now for a VeriSign trial certificate the certificate issuer is not listed in cacerts. So you need to download the CA Certificate and (http://www.verisign.com/server/trial/faq/index.html) and import the same in to cacerts The command keytool -import -alias tomcat -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -file getcacert.cer getcacert.cer - is the CA Certificate. 4) keytool -import -alias tomcat -trustcacerts -file <myHostName>.crt -keystore .keystore Regards, Joseph -----Original Message----- From: Johan Bryssling [mailto:johan.bryssling@;assembla.se] Sent: Friday, November 15, 2002 6:25 PM To: Tomcat Users List Subject: RE: Trouble installing SSL on Tomcat Standalone Hi! I have the same problem, but have not yet solved it. (I know what the problem means, but it doesnt help). If you come across a solution to this please share it with you. :) But... However, I will not sit back and wait so I will install the Apache server(HTTPD) and have a tomcat-mod running instead, because I already know that Apache handle SSL/TSL (Client Auth and others) just right. It would have simplyfied and enhanced my implementaion phase a lot if I only had to worry about tomcat. Now I have to worry about both "HTTPD" and tomcat. *hmmf* Regards /Johan ps.. This problem is called an "abstraction leakage". -----Original Message----- From: Joseph Stephen Vaithara [mailto:Josephsv@;infosys.com] Sent: den 15 november 2002 10:34 To: [EMAIL PROTECTED] Subject: Trouble installing SSL on Tomcat Standalone Hi , I have configured SSL for my tomcat standalone webserver. I am using a trial VeriSign certificate. Now when I try to connect to tomcat Netscape throws the message "Netscape and <my host> cannot communicate because they have no common encryption algorithms" Any pointers as to where the problem would be greatly appreciated. Steps I followed to setup SSL 1) keytool -genkey -keyalg RSA -alias tomcat -keystore ./.keystore 2) keytool -certreq -alias tomcat -keyalg RSA -file <myhostname>.csr -keystore ./.keystore 3) Got the csr file signed by verisign 4) keytool -import -alias root -trustcacerts -file <myHostName>.crt -keystore ./.keystore 5) keytool -delete -alias tomcat -keystore ./.keystore (If skip this step then the self signed certificate is used.) Thanks Joe -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
