Posted to users@tomcat.apache.org by Mark Liu <ma...@yahoo.com> on 2003/03/13 06:39:28 UTC

Why can't I use my CA-generated certificate for Tomcat SSL?

I know how to use keytool to generate a self-signed
certificate and run Tomcat with SSL.

I want to use a certificate that is generated by my
little Java program which is part of my Certification
Authority.

So I have my little Java program generate an X509
Certificate called cert4ca.cer.

Then I deleted the tomcat certificate in my keystore
and successfully imported cert4ca.cer into my keystore
as alias tomcat.  See the attached file cert4ca.cer. 
It's a valid one, otherwise, I would not have been
able to import it into my keystore.

After I launch tomcat, I can visit http://localhost,
but not https://localhost.

However, I am able to visit both http and https if I
use the certificate generated by keytool.

So, would you please give me a hint, how can I use the
certificate generated by my little Java program to run
tomcat with SSL?

Thanks a lot in advance.


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mufaddal Khumri <mu...@wmotion.com>.
Did you read my second email?

The certificate that you generate ... is your certificate generation
application associating the host name and the certificate? Let's say
the host tomcat is running on is my.webserver.com .... then is your
certificate generating app associating this with the certificate it's
generating?

Thanks.

On Friday, March 14, 2003, at 03:19  AM, Mark Liu wrote:

> Hello, thank you very much for your reply.
>
> I think server.xml is irrelevant to my problem, since
> I am able to run Tomcat SSL using the certificate that
> is generated by keytool.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mark Liu <ma...@yahoo.com>.
Hello, thank you very much for your reply.

I think server.xml is irrelevant to my problem, since
I am able to run Tomcat SSL using the certificate that
is generated by keytool.

--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> Have you edited your server.xml ?
>
>      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>
>      <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                 port="8443" minProcessors="5" maxProcessors="75"
>                 enableLookups="true"
>                 acceptCount="100" debug="0" scheme="https" secure="true"
>                 useURIValidationHack="false" disableUploadTimeout="true">
>        <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>                 clientAuth="false" protocol="TLS" />
>      </Connector>


Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mufaddal Khumri <mu...@wmotion.com>.
Have you edited your server.xml ?

     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8443" minProcessors="5" maxProcessors="75"
                enableLookups="true"
                acceptCount="100" debug="0" scheme="https" secure="true"
                useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                clientAuth="false" protocol="TLS" />
     </Connector>

On Thursday, March 13, 2003, at 11:09  AM, Mark Liu wrote:

> I know how to use keytool to generate a self-signed
> certificate and run Tomcat with SSL.
>
> I want to use a certificate that is generated by my
> little Java program which is part of my Certification
> Authority.
>
> So I have my little Java program generate an X509
> Certificate called cert4ca.cer.
>
> Then I deleted the tomcat certificate in my keystore
> and successfully imported cert4ca.cer into my keystore
> as alias tomcat.  See the attached file cert4ca.cer.
> It's a valid one, otherwise, I would not have been
> able to import it into my keystore.
>
> After I launch tomcat, I can visit http://localhost,
> but not https://localhost.
>
> However, I am able to visit both http and https if I
> use the certificate generated by keytool.
>
> So, would you please give me a hint, how can I use the
> certificate generated by my little Java program to run
> tomcat with SSL?
>
> Thanks a lot in advance.


Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mark Liu <ma...@yahoo.com>.
I just gave it a test.

I have a working keystore on host A, and I copied that
keystore to host B.  And it works for both.  In other
words, I am able to launch Tomcat SSL with the same
keytool-generated certificate on 2 different hosts.

Any idea about how to run Tomcat SSL with my own
CA-generated certificate?


--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> The certificate that you generate ... is your certificate generation
> application associating the host name and the certificate? Let's say
> the host tomcat is running on is my.webserver.com .... then is your
> certificate generating app associating this with the certificate it's
> generating?
> 
> Thanks.


Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mark Liu <ma...@yahoo.com>.
OK, are you suggesting that the certificate generated
by keytool associates the host name and the
certificate?  

--- Mufaddal Khumri <mu...@wmotion.com> wrote:
> The certificate that you generate ... is your certificate generation
> application associating the host name and the certificate? Let's say
> the host tomcat is running on is my.webserver.com .... then is your
> certificate generating app associating this with the certificate it's
> generating?
> 
> Thanks.


Re: Why can't I use my CA-generated certificate for Tomcat SSL?

Posted by Mufaddal Khumri <mu...@wmotion.com>.
The certificate that you generate ... is your certificate generation
application associating the host name and the certificate? Let's say
the host tomcat is running on is my.webserver.com .... then is your
certificate generating app associating this with the certificate it's
generating?

Thanks.

On Thursday, March 13, 2003, at 11:09  AM, Mark Liu wrote:

> I know how to use keytool to generate a self-signed
> certificate and run Tomcat with SSL.
>
> I want to use a certificate that is generated by my
> little Java program which is part of my Certification
> Authority.
>
> So I have my little Java program generate an X509
> Certificate called cert4ca.cer.
>
> Then I deleted the tomcat certificate in my keystore
> and successfully imported cert4ca.cer into my keystore
> as alias tomcat.  See the attached file cert4ca.cer.
> It's a valid one, otherwise, I would not have been
> able to import it into my keystore.
>
> After I launch tomcat, I can visit http://localhost,
> but not https://localhost.
>
> However, I am able to visit both http and https if I
> use the certificate generated by keytool.
>
> So, would you please give me a hint, how can I use the
> certificate generated by my little Java program to run
> tomcat with SSL?
>
> Thanks a lot in advance.


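
Added example, not part of any post in this thread: it replays the delete-then-import steps from the first message on a throwaway keystore and, for contrast, imports a CA reply onto an alias that still holds its key pair, printing the entry type keytool reports each time. An SSL server socket needs a private-key entry under its alias; a certificate imported under a fresh alias is stored as a trusted-certificate entry. Assumptions: a JDK 7+ `keytool` on PATH, the password `changeit`, the subject names, and a self-signed certificate standing in for cert4ca.cer are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Keystores, password and names are constructed throwaway values.
# Assumes a JDK 7+ keytool on PATH (-gencert is used to play the CA).
PASS=changeit

# Run one keytool command quietly, never waiting on a prompt.
kt() { keytool "$@" -storepass "$PASS" </dev/null >/dev/null 2>&1; }

# Print the entry type keytool reports for alias "tomcat" in keystore $1.
entry_type() {
  keytool -list -alias tomcat -keystore "$1" -storepass "$PASS" 2>/dev/null \
    | grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# The steps from the first message: delete the alias, then import a certificate
# under the same name. The private key is deleted along with the alias.
delete_then_import() {   # $1 = scratch directory
  kt -genkeypair -alias tomcat -keyalg RSA -dname "CN=localhost" \
     -keypass "$PASS" -keystore "$1/a.ks"
  kt -exportcert -alias tomcat -file "$1/a.cer" -keystore "$1/a.ks"
  kt -delete -alias tomcat -keystore "$1/a.ks"
  kt -importcert -noprompt -alias tomcat -file "$1/a.cer" -keystore "$1/a.ks"
  entry_type "$1/a.ks"
}

# The CSR route: the key pair stays under the alias and the CA's reply is
# imported on top of it, after the CA certificate itself is trusted.
import_ca_reply() {      # $1 = scratch directory
  kt -genkeypair -alias ca -keyalg RSA -dname "CN=Example Test CA" \
     -ext bc=ca:true -keypass "$PASS" -keystore "$1/ca.ks"
  kt -exportcert -alias ca -file "$1/ca.cer" -keystore "$1/ca.ks"
  kt -genkeypair -alias tomcat -keyalg RSA -dname "CN=localhost" \
     -keypass "$PASS" -keystore "$1/b.ks"
  kt -certreq -alias tomcat -file "$1/b.csr" -keystore "$1/b.ks"
  kt -gencert -alias ca -infile "$1/b.csr" -outfile "$1/b.cer" -keystore "$1/ca.ks"
  kt -importcert -noprompt -alias ca -file "$1/ca.cer" -keystore "$1/b.ks"
  kt -importcert -noprompt -alias tomcat -file "$1/b.cer" -keystore "$1/b.ks"
  entry_type "$1/b.ks"
}

if command -v keytool >/dev/null 2>&1; then
  work=$(mktemp -d)
  echo "delete, then import certificate: $(delete_then_import "$work")"
  echo "import CA reply onto key entry:  $(import_ca_reply "$work")"
  rm -rf "$work"
else
  echo "keytool not found on PATH; nothing to demonstrate"
fi
```

The first line reports `trustedCertEntry`, the second `PrivateKeyEntry`.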