On 27/10/2012 9:37 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com> wrote: > > I have followed below steps: > > 1.- Erase keytore > keytool -delete -keystore .keystore -storepass x_men_gha > > 2.- List to verify if it has been deleted. > keytool -list -storepass x_men_gha > Tipo de almacÚn de claves: JKS > Proveedor de almacÚn de claves: SUN > > Su almacÚn de claves contiene 0 entradas > > 3.- Create as stated: > keytool -genkey -alias tomcat -keyalg RSA > Escriba la contrase±a del almacÚn de claves: > La contrase±a del almacÚn de claves es demasiado corta, debe tener al menos 6 ca > racteres > Escriba la contrase±a del almacÚn de claves: > ┐Cußles son su nombre y su apellido? > [Unknown]: Gabriel Huerta > ┐Cußl es el nombre de su unidad de organizaci¾n? > [Unknown]: Desarrollo > ┐Cußl es el nombre de su organizaci¾n? > [Unknown]: Hildebrando > ┐Cußl es el nombre de su ciudad o localidad? > [Unknown]: Queretaro > ┐Cußl es el nombre de su estado o provincia? > [Unknown]: Santiago > ┐Cußl es el c¾digo de paÝs de dos letras de la unidad? > [Unknown]: MX > ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, L=Queretaro, ST=Sa > ntiago, C=MX? > [no]: y > > Escriba la contrase±a clave para <tomcat> > (INTRO si es la misma contrase±a que la del almacÚn de claves): > > > 4.- List to verify it: > C:\Users\Gabriel Huerta>keytool -list > Escriba la contrase±a del almacÚn de claves: > > Tipo de almacÚn de claves: JKS > Proveedor de almacÚn de claves: SUN > > Su almacÚn de claves contiene entrada 1 > > tomcat, 26/10/2012, PrivateKeyEntry, > Huella digital de certificado (MD5): 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14 > > > 5.- Import certificate as stated for Tomcat documentation: > For Verisign.com trial certificates go to: http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html > > Once there I followed instructions where says "Click here to go to the Installation Instructions", basically I copied below message and pasted it into a file named certif.cer: > -----BEGIN CERTIFICATE----- > MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB > jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL > EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV > BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X > DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw > FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z > ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh > bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD > ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq > ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1 > qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV > fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO > EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL > o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB > Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw > VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ > LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E > FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C > 0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt > ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs > n4EZcpspiep9LFc/hu4FE8SsY6MiasHR2Ay97UsC9A3S7ZaoHfdwyhtcINXCu2lX > W0Gpi3vzWRvwqgua6dm2WVKJfvPfmS1mAP0YmTcIwjdiNXiU6sSsJEoNlTR9zCoo > 4oKQ8wVoWZpbuPZb5geszhS7YsABUPIAAfF1YQCiMULtpa6HFzzm7sdf72N3HfwE > aQNg95KnKGrrDUI= > -----END CERTIFICATE----- > > Below are all instructions stated for this place which I have follwed: > > Installation Instructions > For Microsoft Browsers > > 1.Click on the "Secure Site Trial Root Certificate" link above. > 2.Save the certificate into a file with a .cer extension. > 3.Open a Microsoft IE Browser. > 4.Go to Tools > Internet Options > Content > Certificates > 5.Click Import. A certificate manager Import Wizard will appear. Click Next. > 6.Browse to the location of the recently stored root (done in step 2). Select ALL files for file type. > 7.Select the certificate and click Open. > 8.Click Next. > 9.Select "Automatically select the certificate store based on the type of the certificate". Click Ok. > 10.Click Next then Finish. > 11.When prompted and asked if you wish to add the following certificate to the root store, click Yes. > > For last step I was not asked to add trial certificate to the root store. > > > I did not do below steps(stated from Tomcat documentation), because these ones require keystore file: > > "Import the Chain Certificate into your keystore > > keytool -import -alias root -keystore <your_keystore_filename> \ > -trustcacerts -file <filename_of_the_chain_certificate> > > > And finally import your new Certificate > > keytool -import -alias tomcat -keystore <your_keystore_filename> \ > -file <your_certificate_filename>" > > > > 6.- Restart tomcat: It did not generate any error, but when I open IE with link https://localhost:8443/ > appears below message: > > There is a problem with the security certificate for this site > Go to this website (not recommended). > > When I clicked on this message (Go to this website (not recommended), it is showed Tomcat page but in the IE's toolbar > indicates "Certificate Error". My question here is how do I disappear this annoying indication?. >
Use the server name you got the certificate for in the link instead of localhost. > > Regards > > ----- Original Message ----- > From: "Christopher Schultz" <ch...@christopherschultz.net> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Friday, October 26, 2012 2:29:28 PM > Subject: Re: Implementing SSL and error invocating > https://localhost:8443/(Tomcat 7.0 on Windows 7) > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gabriel, > > On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote: > > Regarding password I run keytool indicating my password which is > > the same as the indicated in my connector section: > > > > keytool -list -keystore .keystore -storepass x_men_gha Tipo de > > almacén de claves: JKS Proveedor de almacén de claves: SUN > > > > Su almacén de claves contiene 2 entradas > > > > root, 24/10/2012, trustedCertEntry, Huella digital de certificado > > (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, > > 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): > > E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 > > I don't usually use keystores... do the "root" and "tomcat" strings in > there indicate the "alias" for each entry? > > Hmm... when I create a keystore like this: > > $ keytool -genkey -alias tomcat -keyalg RSA > > $ keytool -list > Keystore type: JKS > Keystore provider: SUN > > Your keystore contains 1 entry > > tomcat, Oct 26, 2012, PrivateKeyEntry, > Certificate fingerprint (SHA1): > C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8 > > Note the "PrivateKeyEntry" in there: you need to have the > certificate's private key available in order to unlock the > certificate. Can you try re-creating your keystore and posting all the > commands you use? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9 > cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB > =9CMe > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
