Posted to users@tomcat.apache.org by Mark Liu <ma...@yahoo.com> on 2003/03/13 06:39:28 UTC
Why can't I use my CA-generated certificate for Tomcat SSL?
I know how to use keytool to generate a self-signed
certificate and run Tomcat with SSL.
I want to use a certificate that is generated by my
little Java program which is part of my Certification
Authority.
So I have my little Java program generate an X509
Certificate called cert4ca.cer.
Then I deleted the tomcat certificate in my keystore
and successfully imported cert4ca.cer into my keystore
as alias tomcat. See the attached file cert4ca.cer.
It's a valid one, otherwise, I would not have been
able to import it into my keystore.
After I launch tomcat, I can visit http://localhost,
but not https://localhost.
However, I am able to visit both http and https if I
use the certificate generated by keytool.
So, would you please give me a hint, how can I use the
certificate generated by my little Java program to run
tomcat with SSL?
Thanks a lot in advance.
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
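A check that fits the steps in the post above, as an added example (not code from the thread or from Tomcat): it reports whether a keystore alias holds a private-key entry, which a TLS server needs, or only a certificate, which is what keytool creates when a certificate file is imported under an alias that has no key entry. The keystore file and password arguments are assumptions; the alias tomcat is the one named in the post, and the no-argument run uses a constructed in-memory keystore.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic example, not code from the thread. Requires Java 9+.
public class KeystoreAliasCheck {
    // Reports whether the alias holds a private key (usable by a TLS server)
    // or only a certificate (a trusted-certificate entry).
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) return "MISSING: no entry under alias '" + alias + "'";
        if (ks.isCertificateEntry(alias)) {
            return "TRUSTED_CERT: certificate only, no private key; not usable as a server identity";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) return "KEY_ENTRY: key without a certificate chain";
        X509Certificate leaf = (X509Certificate) chain[0];
        // Subject and issuer let you compare the CN with the host name clients use
        // and see whether the certificate was issued by your CA or is self-signed.
        return "KEY_ENTRY: private key present; chain length " + chain.length
                + "; subject=" + leaf.getSubjectX500Principal().getName()
                + "; issuer=" + leaf.getIssuerX500Principal().getName();
    }

    // Constructed sample: an in-memory keystore holding only a certificate under
    // alias "tomcat". Any X.509 certificate works; one JDK trust anchor is borrowed.
    static KeyStore certificateOnlySample() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK's default trust store
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start with an empty keystore
        ks.setCertificateEntry("tomcat", tm.getAcceptedIssuers()[0]);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java KeystoreAliasCheck [keystore-file password [alias]]
        String alias = args.length > 2 ? args[2] : "tomcat";
        KeyStore ks = args.length >= 2
                ? KeyStore.getInstance(new File(args[0]), args[1].toCharArray())
                : certificateOnlySample();
        System.out.println(describe(ks, alias));
    }
}
```

Run without arguments it reports TRUSTED_CERT for the constructed sample; run against a keystore created with keytool's key-pair generation it reports KEY_ENTRY with the subject and issuer.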
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mufaddal Khumri <mu...@wmotion.com>.
Did you read my second email?
The certificate that you generate ... is your certificate generation
application associating the host name and the certificate? Let's say
the host tomcat is running on is my.webserver.com .... then is your
certificate generating app associating this with the certificate it's
generating?
Thanks.
On Friday, March 14, 2003, at 03:19 AM, Mark Liu wrote:
> Hello, thank you very much for your reply.
>
> I think server.xml is irrelevant to my problem, since
> I am able to run Tomcat SSL using the certificate that
> is generated by keytool.
>
> --- Mufaddal Khumri <mu...@wmotion.com> wrote:
>> Have you edited your server.xml?
>>
>> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>            port="8443" minProcessors="5" maxProcessors="75"
>>            enableLookups="true"
>>            acceptCount="100" debug="0" scheme="https" secure="true"
>>            useURIValidationHack="false" disableUploadTimeout="true">
>>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>>            clientAuth="false" protocol="TLS" />
>> </Connector>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mark Liu <ma...@yahoo.com>.
Hello, thank you very much for your reply.
I think server.xml is irrelevant to my problem, since
I am able to run Tomcat SSL using the certificate that
is generated by keytool.
--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> Have you edited your server.xml?
>
> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            useURIValidationHack="false" disableUploadTimeout="true">
>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>            clientAuth="false" protocol="TLS" />
> </Connector>
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mufaddal Khumri <mu...@wmotion.com>.
Have you edited your server.xml?
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
On Thursday, March 13, 2003, at 11:09 AM, Mark Liu wrote:
> I know how to use keytool to generate a self-signed
> certificate and run Tomcat with SSL.
>
> I want to use a certificate that is generated by my
> little Java program which is part of my Certification
> Authority.
>
> So I have my little Java program generate an X509
> Certificate called cert4ca.cer.
>
> Then I deleted the tomcat certificate in my keystore
> and successfully imported cert4ca.cer into my keystore
> as alias tomcat. See the attached file cert4ca.cer.
> It's a valid one, otherwise, I would not have been
> able to import it into my keystore.
>
> After I launch tomcat, I can visit http://localhost,
> but not https://localhost.
>
> However, I am able to visit both http and https if I
> use the certificate generated by keytool.
>
> So, would you please give me a hint, how can I use the
> certificate generated by my little Java program to run
> tomcat with SSL?
>
> Thanks a lot in advance.
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mark Liu <ma...@yahoo.com>.
I just gave it a test.
I have a working keystore on host A, and I copied that
keystore to host B. And it works for both. In other
words, I am able to launch Tomcat SSL with the same
keytool-generated certificate on 2 different hosts.
Any idea about how to run Tomcat SSL with my own
CA-generated certificate?
--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> The certificate that you generate ... is your certificate generation
> application associating the host name and the certificate? Let's say
> the host tomcat is running on is my.webserver.com .... then is your
> certificate generating app associating this with the certificate it's
> generating?
>
> Thanks.
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mark Liu <ma...@yahoo.com>.
OK, are you suggesting that the certificate generated
by keytool associates the host name and the
certificate?
--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> The certificate that you generate ... is your certificate generation
> application associating the host name and the certificate? Let's say
> the host tomcat is running on is my.webserver.com .... then is your
> certificate generating app associating this with the certificate it's
> generating?
>
> Thanks.
Re: Why can't I use my CA-generated certificate for Tomcat SSL?
Posted by Mufaddal Khumri <mu...@wmotion.com>.
The certificate that you generate ... is your certificate generation
application associating the host name and the certificate? Let's say
the host tomcat is running on is my.webserver.com .... then is your
certificate generating app associating this with the certificate it's
generating?
Thanks.
On Thursday, March 13, 2003, at 11:09 AM, Mark Liu wrote:
> I know how to use keytool to generate a self-signed
> certificate and run Tomcat with SSL.
>
> I want to use a certificate that is generated by my
> little Java program which is part of my Certification
> Authority.
>
> So I have my little Java program generate an X509
> Certificate called cert4ca.cer.
>
> Then I deleted the tomcat certificate in my keystore
> and successfully imported cert4ca.cer into my keystore
> as alias tomcat. See the attached file cert4ca.cer.
> It's a valid one, otherwise, I would not have been
> able to import it into my keystore.
>
> After I launch tomcat, I can visit http://localhost,
> but not https://localhost.
>
> However, I am able to visit both http and https if I
> use the certificate generated by keytool.
>
> So, would you please give me a hint, how can I use the
> certificate generated by my little Java program to run
> tomcat with SSL?
>
> Thanks a lot in advance.