Posted to users@tomcat.apache.org by Rommel Sharma <ro...@mahindrabt.com> on 2004/01/26 14:47:16 UTC

Re: Using HTTPS with keystore and trust store files

What I can say is this:
1. In keystoreFile attribute provide the complete path
(C:\MyCertFolder\mykeystore.ks)
    Same for truststore.

2. Where do I specify the file that store the client's certificate?
In your client code that makes a call to the https specify the location of
the keystore and in the server side code that you will write, get the
message context
(something like:
  MessageContext context = MessageContext.getCurrentContext();
  ...
  HttpServletRequest req = (HttpServletRequest) context.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);

  // and the code to match the client certificate with the client keystore on the server
  // so you specify its location on the server having the same client keystore...
)

Hope this helps,
Regards,
Rommel.

----- Original Message -----
From: "Alex Chen" <ac...@packetmotion.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, February 25, 2004 11:30 PM
Subject: Using HTTPS with keystore and trust store files

> Hi,
>   I am trying to set up Tomcat for HTTPS connection with keystore and
> truststore files.  I want to use Tomcat as the
> web server so the port number is 80 and 443 for HTTP and HTTPS,
> respectively. I am running Tomcat on Windows XP.
>
> Here is the 'Connector' entry in %CATALINA_HOME%\conf\server.xml.
>    <Connector port="443"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" debug="0" scheme="https" secure="true"
>                clientAuth="true" sslProtocol="TLS"
>                keystoreFile="server.ks" keystoreType="JCEKS"
>                keystorePass="changeit"
>                truststoreFile="server.ts" truststoreType="JCEKS" >
>     </Connector>
>
> When I start tomcat, I get the following error:
>
> java.io.FileNotFoundException: server.ks (The system cannot find the file specified)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:106)
>         at java.io.FileInputStream.<init>(FileInputStream.java:66)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:262)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:232)
> ......
>
> I tried to put the file in different places, the user's home directory
> in C:\Documents and Settings\%user%\,
> %CATALINA_HOME%\,  %CATALINA_HOME%\webapps, %CATALINA_HOME%\webapps\ROOT,
> but they all failed.
>
> My questions are:
> 1. Where should the keystore file be stored if I set the 'keystoreFile'
> attribute in Connector element?
>
> 2.  If I set 'clientAuth' to true, shouldn't there be a place to store
> the client's certificate, i.e. the truststore?
>      Where do I specify the file that stores the client's certificate?
>      I saw the truststoreFile attribute in an example from
> http://www.j2ee-security.net/book/sample-chap/
>      It sets this attribute in a 'Factory' subelement.  But that is for
> Tomcat 4.X.
>
> Any help is appreciated.
>

*********************************************************
Disclaimer

This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*********************************************************
Visit us at http://www.mahindrabt.com




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
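
The exception message in the question shows the bare name server.ks being handed to FileInputStream, and Java resolves a relative file name against the JVM working directory (user.dir). The pre-start check below is an added example, not part of the thread and not Tomcat code: it reports where each store name actually resolves and whether the keystore holds a key entry and the truststore holds trusted certificates. The class name StoreCheck is hypothetical, reusing keystorePass for the truststore is an assumption, and Java 7 or later is assumed.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example, not Tomcat code: checks the Connector's store settings before startup.
public class StoreCheck {

    // Resolves a keystoreFile/truststoreFile value the way a plain FileInputStream does
    // (relative names are taken from the JVM working directory) and inspects the store.
    static String check(String role, String path, String type, char[] pass) {
        File f = new File(path);
        String where = f.getAbsolutePath();
        if (!f.isAbsolute()) {
            where += " (relative; resolved from user.dir=" + System.getProperty("user.dir") + ")";
        }
        if (!f.isFile()) {
            return role + ": NOT FOUND " + where;
        }
        try (InputStream in = new FileInputStream(f)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, pass); // a wrong password or wrong store type fails here
            int keys = 0, certs = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(alias)) keys++;
                else if (ks.isCertificateEntry(alias)) certs++;
            }
            String verdict = "ok";
            if (role.equals("keystore") && keys == 0) verdict = "no key entry for the server";
            if (role.equals("truststore") && certs == 0) verdict = "no trusted certificates, no client can authenticate";
            return role + ": " + where + " keyEntries=" + keys + " trustedCerts=" + certs + " -> " + verdict;
        } catch (Exception e) {
            return role + ": " + where + " unreadable as " + type + ": " + e;
        }
    }

    public static void main(String[] args) {
        // Defaults are the attribute values from the Connector in the question.
        String ks = args.length > 0 ? args[0] : "server.ks";
        String ts = args.length > 1 ? args[1] : "server.ts";
        // Assumption: the truststore uses the same password as keystorePass.
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        System.out.println(check("keystore", ks, "JCEKS", pass));
        System.out.println(check("truststore", ts, "JCEKS", pass));
    }
}
```

Run it from the directory Tomcat is started in to reproduce the lookup, or pass full paths as arguments to confirm the stores load.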


Re: Using HTTPS with keystore and trust store files

Posted by Alex Chen <ac...@packetmotion.com>.
Thanks, Rommel,
