Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)

Fri, 26 Oct 2012 15:36:58 -0700 

I have followed below steps:

1.- Erase keytore
keytool -delete -keystore .keystore -storepass x_men_gha

2.- List to verify if it has been deleted.
keytool -list  -storepass x_men_gha
Tipo de almacÚn de claves: JKS
Proveedor de almacÚn de claves: SUN

Su almacÚn de claves contiene 0 entradas

3.- Create as stated:
keytool -genkey -alias tomcat -keyalg RSA
Escriba la contrase±a del almacÚn de claves:
La contrase±a del almacÚn de claves es demasiado corta, debe tener al menos 6 ca
racteres
Escriba la contrase±a del almacÚn de claves:
┐Cußles son su nombre y su apellido?
  [Unknown]:  Gabriel Huerta
┐Cußl es el nombre de su unidad de organizaci¾n?
  [Unknown]:  Desarrollo
┐Cußl es el nombre de su organizaci¾n?
  [Unknown]:  Hildebrando
┐Cußl es el nombre de su ciudad o localidad?
  [Unknown]:  Queretaro
┐Cußl es el nombre de su estado o provincia?
  [Unknown]:  Santiago
┐Cußl es el c¾digo de paÝs de dos letras de la unidad?
  [Unknown]:  MX
┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, L=Queretaro, ST=Sa
ntiago, C=MX?
  [no]:  y

Escriba la contrase±a clave para <tomcat>
        (INTRO si es la misma contrase±a que la del almacÚn de claves):


4.- List to verify it:
C:\Users\Gabriel Huerta>keytool -list
Escriba la contrase±a del almacÚn de claves:

Tipo de almacÚn de claves: JKS
Proveedor de almacÚn de claves: SUN

Su almacÚn de claves contiene entrada 1

tomcat, 26/10/2012, PrivateKeyEntry,
Huella digital de certificado (MD5): 
00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14


5.- Import certificate as stated for Tomcat documentation:
 For Verisign.com trial certificates go to: 
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

Once there I followed instructions where says "Click here to go to the 
Installation Instructions", basically I copied below message and pasted it into 
a file named certif.cer:
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB
jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV
BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X
DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z
ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh
bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq
ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1
qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV
fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO
EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL
o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB
Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw
VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ
LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E
FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C
0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt
ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs
n4EZcpspiep9LFc/hu4FE8SsY6MiasHR2Ay97UsC9A3S7ZaoHfdwyhtcINXCu2lX
W0Gpi3vzWRvwqgua6dm2WVKJfvPfmS1mAP0YmTcIwjdiNXiU6sSsJEoNlTR9zCoo
4oKQ8wVoWZpbuPZb5geszhS7YsABUPIAAfF1YQCiMULtpa6HFzzm7sdf72N3HfwE
aQNg95KnKGrrDUI=
-----END CERTIFICATE-----

Below are all instructions stated for this place which I have follwed:

Installation Instructions
For Microsoft Browsers

1.Click on the "Secure Site Trial Root Certificate" link above.
2.Save the certificate into a file with a .cer extension.
3.Open a Microsoft IE Browser.
4.Go to Tools > Internet Options > Content > Certificates
5.Click Import. A certificate manager Import Wizard will appear. Click Next.
6.Browse to the location of the recently stored root (done in step 2). Select 
ALL files for file type.
7.Select the certificate and click Open.
8.Click Next.
9.Select "Automatically select the certificate store based on the type of the 
certificate". Click Ok.
10.Click Next then Finish.
11.When prompted and asked if you wish to add the following certificate to the 
root store, click Yes.

For last step I was not asked to add trial certificate to the root store.


I did not do below steps(stated from Tomcat documentation), because these ones 
require keystore file:

"Import the Chain Certificate into your keystore 
   
 keytool -import -alias root -keystore <your_keystore_filename> \
    -trustcacerts -file <filename_of_the_chain_certificate>
  
 
And finally import your new Certificate 
   
 keytool -import -alias tomcat -keystore <your_keystore_filename> \
    -file <your_certificate_filename>"
  
   

6.- Restart tomcat: It did not generate any error, but when I open IE with link 
https://localhost:8443/
appears below message:

        There is a problem with the security certificate for this site
        Go to this website (not recommended).

When I clicked on this message (Go to this website (not recommended), it is 
showed Tomcat page but in the IE's toolbar
indicates "Certificate Error". My question here is how do I disappear this 
annoying indication?. 


Regards

----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 2:29:28 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ 
(Tomcat 7.0 on Windows 7)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabriel,

On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote:
> Regarding password I run keytool indicating my password which is
> the same as the indicated in my connector section:
> 
> keytool -list -keystore .keystore -storepass x_men_gha Tipo de
> almacén de claves: JKS Proveedor de almacén de claves: SUN
> 
> Su almacén de claves contiene 2 entradas
> 
> root, 24/10/2012, trustedCertEntry, Huella digital de certificado
> (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat,
> 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5):
> E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37

I don't usually use keystores... do the "root" and "tomcat" strings in
there indicate the "alias" for each entry?

Hmm... when I create a keystore like this:

$ keytool -genkey -alias tomcat -keyalg RSA

$ keytool -list
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Oct 26, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8

Note the "PrivateKeyEntry" in there: you need to have the
certificate's private key available in order to unlock the
certificate. Can you try re-creating your keystore and posting all the
commands you use?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9
cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB
=9CMe
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to