Tomcat 3.3 and SSL Certificate Key with a Passphrase

[Inash Zubair <in...@leptone.com>]

Hi.

I've been trying to tackle a problem with adding an SSL certificate to
the keystore using the keytool. We have purchased a Verisign SSL
Secure Site Pro certificate which was generated with a key using a
passphrase. It was generated using OpenSSL. I have been able to make
it work with Apache.

However, we have a web application that needs to be secured running
Tomcat 3.3. When I add the intermediate certificate and our private
certificate and restart Tomcat, and try to connect to it using the
browser, it displays an error stating that the security protocol is
not recognized.

I've tried several alternative methods of adding the certificate to
the keystore but haven't been able to configure tomcat to use the
passphrase. I've seen it is possible with the later versions using a
configuration directive SSLPassphrase in the server.xml configuration
file.

Hope I get a solution for it to work with Tomcat 3.3. Thanks and Cheers!


-- 
- Inash

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat 3.3 and SSL Certificate Key with a Passphrase

[Bill Barker <wb...@wilshire.com>]

"Inash Zubair" <in...@leptone.com> wrote in message 
news:295e9b8d0707212003u15d2700em94b7b41611922a7d@mail.gmail.com...
> Hi.
>
> I've been trying to tackle a problem with adding an SSL certificate to
> the keystore using the keytool. We have purchased a Verisign SSL
> Secure Site Pro certificate which was generated with a key using a
> passphrase. It was generated using OpenSSL. I have been able to make
> it work with Apache.
>
> However, we have a web application that needs to be secured running
> Tomcat 3.3. When I add the intermediate certificate and our private
> certificate and restart Tomcat, and try to connect to it using the
> browser, it displays an error stating that the security protocol is
> not recognized.
>
> I've tried several alternative methods of adding the certificate to
> the keystore but haven't been able to configure tomcat to use the
> passphrase. I've seen it is possible with the later versions using a
> configuration directive SSLPassphrase in the server.xml configuration
> file.
>
> Hope I get a solution for it to work with Tomcat 3.3. Thanks and Cheers!
>

For the most part, the solution is much the same for Tomcat 3.3 as it is for 
the later versions.  Usually the easiest is to use OpenSSL to create a 
PCKS12 file, and use that for the keystoreFile.  Another possible 
alternative is to do something like http://www.comu.de/docs/tomcat_ssl.htm.

>
> -- 
> - Inash
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat 3.3 and SSL Certificate Key with a Passphrase

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: Inash Zubair [mailto:inash@leptone.com] 
> Subject: Tomcat 3.3 and SSL Certificate Key with a Passphrase
> 
> However, we have a web application that needs to be secured running
> Tomcat 3.3.

Don't suppose you'd consider moving to a more recent level?  3.3 was
last touched over five years ago.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org