Posted to users@tomcat.apache.org by Michael Casale <mc...@knoa.com> on 2006/11/08 19:05:53 UTC
Tomcat 5.5 not recognizing my trustedCertEntry?
Hi All,
I'm very new to Tomcat, so please excuse my ignorance. I'm setting up a
server with Tomcat and SSL for our developers. For their product they
must use Tomcat 5.5 - they cannot upgrade to 6 at this time.
The problem: I've purchased a cert from Geotrust.com, successfully
imported it into the keystore using keytool, yet the tomcat welcome page
kept coming up blank when I navigated to the SSL site on the server:
https://servername:8443. There were no errors in the error log. The page
works fine at the default address of http://servername:8080.
Here is what I've done:
1. I downloaded the root chain cert from geotrust.com and created my
keystore successfully, adding it and my newly purchased cert into the
keystore file.
2. I restarted tomcat and received no errors. But navigating to the
server in a browser shows a "Page cannot be found error". Running
netstat -an in a command prompt shows port 8443 open and accepting
connections.
3. To test if it was my cert or Keystore file, I borrowed a keystore
from our developer and used it instead, and everything worked - page
opened fine when navigating to it at https://server:8443.
4. So, I have a problem with my Keystore. I then imported my cert into
his test keystore, but when I navigated to the page it used his key and
not mine.
5. Next: I added the keyAlias="tomcat1" tag into the SSL connector
configs in the server.xml file, and restarted tomcat. And of course I
get this error in the Catalina error log:
"java.io.IOException: Alias name tomcat1 does not identify a key entry"
6. Next: I ran keystore -list and noted that his keys are listed as
"keys" (duh) and my key is listed as a "trustedCertEntry" - which is
probably why the system won't use it when I use the keyAlias="tomcat"
tag in the server.xml file.
So - my big question is: how do I get tomcat to recognize my
trustedCertEntry as a valid Key? Do I need to create my own certificate
and place it in the original keystore I created, along with the root and
the cert I bought? Is there a tag for the server.xml file that will
force it to use the trustedCertEntry I imported into the keytool?
Here is a copy of the connector settings for server.xml, for the
configuration that loads without errors:
<Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
           port="8443"
           minProcessors="5" maxProcessors="20"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https"
           secure="true"
           sslProtocol="TLS"
           keystoreFile="c:\files\keystore"
           keystorePass="PASSWORD"/>
Thanks for any and all help provided,
Michael Casale
Systems Administrator / IT Manager
Knoa Software
mcasale@knoa.com
Ph. (212) 807-9608 ext. 6000
Fax (212) 675-6121
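As an added example that is not part of the original post: the keytool sequence that leaves the purchased certificate attached to a private key under the alias Tomcat's keyAlias names (so it lists as a key entry rather than a trustedCertEntry), plus a small check over keytool -list output. The alias, CA file names and store password are assumptions; only the keystore path comes from the post.

```shell
#!/bin/sh
# Added example, not from the original post: keytool steps that keep the
# purchased cert as a key entry, plus a check over `keytool -list` output.
# Alias, CA file names and store password below are assumptions.
set -eu

KEYSTORE="${KEYSTORE:-c:/files/keystore}"   # post's path, forward slashes
STOREPASS="${STOREPASS:-changeit}"           # assumed placeholder
ALIAS="${ALIAS:-tomcat}"                     # must equal keyAlias in server.xml

# 1. Generate the private key in THIS keystore under the alias Tomcat reads.
#    A cert imported under an alias that holds no private key becomes a
#    trustedCertEntry, which is the symptom in the post. RSA rather than the
#    DSA default so browsers accept the key.
gen_key() {
  keytool -genkey -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" \
    -dname "CN=servername, O=Example Org, C=US"
}

# 2. Build the CSR from that same key and send it to the CA.
make_csr() {
  keytool -certreq -alias "$ALIAS" -keystore "$KEYSTORE" \
    -storepass "$STOREPASS" -file request.csr
}

# 3. Import the CA chain under its own alias, then the issued cert under the
#    KEY alias: keytool treats it as the reply to step 1, so the entry stays
#    a key entry instead of becoming a second trustedCertEntry.
import_chain_and_cert() {
  keytool -import -trustcacerts -alias geotrust-root \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" -file root.cer
  keytool -import -trustcacerts -alias "$ALIAS" \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" -file purchased.cer
}

# Check: print the entry type `keytool -list` recorded for an alias.
entry_type() {  # $1 = alias, $2 = listing text
  printf '%s\n' "$2" |
    awk -v a="$1," '$1 == a { t = $NF; sub(/,+$/, "", t); print t; exit }'
}

# Tomcat serves only a key entry (old keytool: keyEntry; new: PrivateKeyEntry).
can_serve() {   # $1 = alias, $2 = listing text; exit 0 when usable
  case "$(entry_type "$1" "$2")" in
    keyEntry|PrivateKeyEntry) return 0 ;;
    *) return 1 ;;
  esac
}
```

The two check functions work on pasted listing text and need no JDK; the three keytool functions only run when called explicitly.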