Hi,
I am currently implementing Verisign Server Certificate (128 bit) on
Tomcat 4.0.3 at Windows 2000 Server platform with JDK 1.4.0 and do the
following steps:
1. Create a local Certificate Signing Request (CSR)
2. Submit the CSR to Verisign and receive the certificate back
3. Import the Verisign Chain Certificate into you keystore
4. And import the new Certificate to keystore
Note: I am creating different password for keystore and tomcat user
other than the default one called changeit. (i.e. keystore password:
secret1, key password for tomcat: secret2)
5. Stop tomcat
6. Modify the settings in server.xml file
<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector
className="org.apache.catalina.connector.http.HttpConnector"
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory
className="org.apache.catalina.net.SSLServerSocketFactory"
keystoreFile="C:\program files\Apache Tomcat
4.0\conf\.keystore"
keystorePass="secret1"
clientAuth="false" protocol="TLS"/>
</Connector>
7. Start tomcat
When I point to the secure website, I receive the following errors:
Create Catalina server
initProxy: java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
at
sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:103)
at java.security.KeyStore.getKey(KeyStore.java:289)
at
com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA6275)
at
com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA6275
)
at javax.net.ssl.KeyManagerFactory.init(DashoA6275)
at
com.sun.net.ssl.KeyManagerFactorySpiWrapper.engineInit(DashoA6275)
at com.sun.net.ssl.KeyManagerFactory.init(DashoA6275)
at
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocket
Factory.java:403)
at
org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocke
tFactory.java:334)
at
org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSoc
ketFactory.java:287)
at
org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java
:948)
at
org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnecto
r.java:1128)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java
:454)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:5
53)
at
org.apache.catalina.startup.CatalinaService.load(CatalinaService.java:23
9)
at
org.apache.catalina.startup.CatalinaService.execute(CatalinaService.java
:171)
at
org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.BootstrapService.main(BootstrapService.java:
428)
Catalina.start: LifecycleException: null.open: java.io.IOException:
java.security.UnrecoverableKeyException: Cannot recover key
LifecycleException: null.open: java.io.IOException:
java.security.UnrecoverableKeyException: Cannot recover key
at
org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnecto
r.java:1130)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java
:454)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:5
53)
at
org.apache.catalina.startup.CatalinaService.load(CatalinaService.java:23
9)
at
org.apache.catalina.startup.CatalinaService.execute(CatalinaService.java
:171)
at
org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.BootstrapService.main(BootstrapService.java:
428)
----- Root Cause -----
java.io.IOException: java.security.UnrecoverableKeyException: Cannot
recover key
at
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocket
Factory.java:422)
at
org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocke
tFactory.java:334)
at
org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSoc
ketFactory.java:287)
at
org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java
:948)
at
org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnecto
r.java:1128)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java
:454)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:5
53)
at
org.apache.catalina.startup.CatalinaService.load(CatalinaService.java:23
9)
at
org.apache.catalina.startup.CatalinaService.execute(CatalinaService.java
:171)
at
org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.BootstrapService.main(BootstrapService.java:
428)
Am I missing some settings?
Thank you for the help,
Kevin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
