I have followed the steps below:

1.- Erase keystore

    keytool -delete -keystore .keystore -storepass x_men_gha

2.- List to verify if it has been deleted.

    keytool -list -storepass x_men_gha
    Tipo de almacén de claves: JKS
    Proveedor de almacén de claves: SUN

    Su almacén de claves contiene 0 entradas

3.- Create as stated:

    keytool -genkey -alias tomcat -keyalg RSA
    Escriba la contraseña del almacén de claves:
    La contraseña del almacén de claves es demasiado corta, debe tener al menos 6 caracteres
    Escriba la contraseña del almacén de claves:
    ¿Cuáles son su nombre y su apellido?
      [Unknown]:  Gabriel Huerta
    ¿Cuál es el nombre de su unidad de organización?
      [Unknown]:  Desarrollo
    ¿Cuál es el nombre de su organización?
      [Unknown]:  Hildebrando
    ¿Cuál es el nombre de su ciudad o localidad?
      [Unknown]:  Queretaro
    ¿Cuál es el nombre de su estado o provincia?
      [Unknown]:  Santiago
    ¿Cuál es el código de país de dos letras de la unidad?
      [Unknown]:  MX
    ¿Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, L=Queretaro, ST=Santiago, C=MX?
      [no]:  y

    Escriba la contraseña clave para <tomcat>
            (INTRO si es la misma contraseña que la del almacén de claves):

4.- List to verify it:

    C:\Users\Gabriel Huerta>keytool -list
    Escriba la contraseña del almacén de claves:

    Tipo de almacén de claves: JKS
    Proveedor de almacén de claves: SUN

    Su almacén de claves contiene entrada 1

    tomcat, 26/10/2012, PrivateKeyEntry,
    Huella digital de certificado (MD5): 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14

5.- Import certificate as stated for Tomcat documentation:

For Verisign.com trial certificates go to:
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

Once there I followed the instructions where it says "Click here to go to the Installation Instructions"; basically I copied the message below and pasted it into a file named certif.cer:

    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----

Below are all the instructions stated at this place, which I have followed:

Installation Instructions For Microsoft Browsers

1. Click on the "Secure Site Trial Root Certificate" link above.
2. Save the certificate into a file with a .cer extension.
3. Open a Microsoft IE Browser.
4. Go to Tools > Internet Options > Content > Certificates
5. Click Import. A certificate manager Import Wizard will appear. Click Next.
6. Browse to the location of the recently stored root (done in step 2). Select ALL files for file type.
7. Select the certificate and click Open.
8. Click Next.
9. Select "Automatically select the certificate store based on the type of the certificate". Click Ok.
10. Click Next then Finish.
11. When prompted and asked if you wish to add the following certificate to the root store, click Yes.

For the last step I was not asked to add the trial certificate to the root store.

I did not do the steps below (stated in the Tomcat documentation), because these require a keystore file:

"Import the Chain Certificate into your keystore

    keytool -import -alias root -keystore <your_keystore_filename> \
        -trustcacerts -file <filename_of_the_chain_certificate>

And finally import your new Certificate

    keytool -import -alias tomcat -keystore <your_keystore_filename> \
        -file <your_certificate_filename>"

6.- Restart tomcat:

It did not generate any error, but when I open IE with the link https://localhost:8443/ the message below appears:

    There is a problem with the security certificate for this site
    Go to this website (not recommended).

When I clicked on this message (Go to this website (not recommended)), the Tomcat page is shown, but IE's toolbar indicates "Certificate Error".

My question here is: how do I make this annoying indication disappear?

Regards

----- Original Message -----
From: "Christopher Schultz" <ch...@christopherschultz.net>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 2:29:28 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)

Gabriel,

On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote:
> Regarding password I run keytool indicating my password which is
> the same as the indicated in my connector section:
>
> keytool -list -keystore .keystore -storepass x_men_gha
> Tipo de almacén de claves: JKS
> Proveedor de almacén de claves: SUN
>
> Su almacén de claves contiene 2 entradas
>
> root, 24/10/2012, trustedCertEntry,
> Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
> tomcat, 24/10/2012, trustedCertEntry,
> Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37

I don't usually use keystores... do the "root" and "tomcat" strings in there indicate the "alias" for each entry?

Hmm... when I create a keystore like this:

    $ keytool -genkey -alias tomcat -keyalg RSA
    $ keytool -list

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    tomcat, Oct 26, 2012, PrivateKeyEntry,
    Certificate fingerprint (SHA1): C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8

Note the "PrivateKeyEntry" in there: you need to have the certificate's private key available in order to unlock the certificate.

Can you try re-creating your keystore and posting all the commands you use?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
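
Added example, not part of the original thread or of Tomcat's documentation: a small Python check over `keytool -list` output that flags the two conditions visible in the earlier listing quoted above (the `tomcat` alias holding only a `trustedCertEntry`, and the same certificate stored under two aliases). The function names and the `key_alias` parameter are hypothetical; the sample listings are the ones posted in this thread.

```python
import re
from collections import defaultdict

# Entry-type names appear untranslated in the Spanish keytool output in this
# thread, so they anchor the parse regardless of locale or date format.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), (?P<date>[^\n]+?), "
    r"(?P<type>PrivateKeyEntry|trustedCertEntry),\s*[^\n]*?"
    r"\((?P<alg>[A-Z0-9-]+)\):\s*(?P<fp>(?:[0-9A-F]{2}:)+[0-9A-F]{2})",
    re.MULTILINE,
)

# Listings copied from the thread (line breaks restored).
EARLIER = """\
root, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
tomcat, 24/10/2012, trustedCertEntry,
Huella digital de certificado (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
"""
RECREATED = """\
tomcat, 26/10/2012, PrivateKeyEntry,
Huella digital de certificado (MD5): 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14
"""

def parse_listing(text):
    """Return one dict (alias, date, type, alg, fp) per keystore entry."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def audit(text, key_alias="tomcat"):
    """List problems that keep key_alias from being usable as a server key."""
    entries = parse_listing(text)
    findings = []
    target = next((e for e in entries if e["alias"] == key_alias), None)
    if target is None:
        findings.append(f"alias '{key_alias}' not found")
    elif target["type"] != "PrivateKeyEntry":
        findings.append(f"alias '{key_alias}' is {target['type']}: no private key")
    by_fp = defaultdict(list)
    for e in entries:
        by_fp[e["fp"]].append(e["alias"])
    for fp, aliases in by_fp.items():
        if len(aliases) > 1:
            findings.append(f"same certificate under {', '.join(aliases)}: {fp}")
    return findings

if __name__ == "__main__":
    for name, text in (("earlier", EARLIER), ("re-created", RECREATED)):
        print(name, audit(text) or "ok")
```

A clean result only shows that the alias has a private key. The certificate produced by `keytool -genkey` is self-signed, so a browser still reports a certificate error for it until the certificate is replaced by one issued by a CA the browser trusts.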