Posted to users@tomcat.apache.org by Abhishek Srivastava <ab...@gmail.com> on 2010/11/18 10:04:40 UTC

configuring https enabled tomcat using user and CA certificate

I have both a user and a CA certificate and am trying to import them into the
keystore file "newkeystore":

C:\>keytool -import -alias root -keystore newkeystore -trustcacerts -file cacert.pem

C:\>keytool -import -alias tomcat -keystore newkeystore -file usercert.pem



Then I configured this newkeystore in the tomcat6.0 server.xml
file, with the following contents:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/newkeystore"
               keystorePass="welcome"
               keyStoreType="JKS"
               keyAlias="root"
          />

I also tried giving the alias keyAlias="tomcat".

We are facing this error when starting Tomcat:


SEVERE: Error initializing endpoint
java.io.IOException: Alias name root does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:446)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:409)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
18 Nov, 2010 7:34:16 AM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed:
java.io.IOException: Alias name root does not identify a key entry
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)




-- 
Thanks & Regards,
Abhishek Srivastava
+919731897198

Re: configuring https enabled tomcat using user and CA certificate

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Abhishek,

On 11/18/2010 5:41 AM, Abhishek Srivastava wrote:
> Well, can you tell me the exact way of importing the key? I mean, which
> command must I use?

You have imported a certificate with the alias "root". Instead, you
should import a key with the alias "root".

You might want to read this:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

> How can I enable my Tomcat on https with the given certificates, like
> userkey.pem, usercert.pem and cacert.pem?

I think you want "trustStore" for your user certificates, not "keyStore".

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
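
One way to get a key entry into the keystore from the three PEM files named in this thread, shown as an added example that is not part of the original messages. It assumes openssl and keytool are on the PATH (the two invocations are typed the same way at a Windows prompt); the function names and the intermediate file tomcat.p12 are hypothetical, and the listing is constructed.

```shell
#!/bin/sh
# Added example. File names and the alias "tomcat" come from the thread;
# the function names are hypothetical.

# Bundle the private key, its certificate and the CA certificate into a PKCS12
# file, then copy that key entry into the JKS keystore. Both tools prompt for
# passwords, so none appears on the command line. If newkeystore already holds
# a certificate-only "tomcat" alias, keytool asks before overwriting it.
build_keystore() {
    openssl pkcs12 -export -in usercert.pem -inkey userkey.pem \
        -certfile cacert.pem -name tomcat -out tomcat.p12 &&
    keytool -importkeystore -srckeystore tomcat.p12 -srcstoretype PKCS12 \
        -destkeystore newkeystore -deststoretype JKS
}

# Read `keytool -list` output on stdin; print the entry type of alias $1.
# The date format between alias and type varies by locale, so scan the fields.
entry_type() {
    awk -F', *' -v a="$1" '$1 == a {
        for (i = 2; i <= NF; i++) if ($i ~ /Entry$/) { print $i; exit }
    }'
}

# Succeed only when the alias holds a private key, as keyAlias requires.
is_key_entry() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Constructed sample of `keytool -list -keystore newkeystore` output after
# build_keystore; fingerprints replaced by placeholders.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Nov 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Nov 18, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
EOF
}

# Real keystore: build_keystore && keytool -list -keystore newkeystore | is_key_entry tomcat
```

With the keystore built this way, the Connector's keyAlias is "tomcat", and tomcat.p12 and newkeystore should share one password, since Tomcat 6 expects the key password to match keystorePass.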


Re: configuring https enabled tomcat using user and CA certificate

Posted by Abhishek Srivastava <ab...@gmail.com>.
Thanks.

Well, can you tell me the exact way of importing the key? I mean, which
command must I use?

I have one userkey.pem also.
I have one pkcs12 file which is a combination of usercert.pem and
userkey.pem. Should I merge this with cacert.pem?

How can I enable my Tomcat on https with the given certificates, like
userkey.pem, usercert.pem and cacert.pem?

On Thu, Nov 18, 2010 at 3:55 PM, Mark Thomas <ma...@apache.org> wrote:

> On 18/11/2010 09:04, Abhishek Srivastava wrote:
> > SEVERE: Error initializing endpoint
> > java.io.IOException: Alias name root does not identify a key entry
>
> That tells you what is wrong. You have imported the cert but not the
> associated private key.
>
> Mark


-- 
Thanks & Regards,
Abhishek Srivastava
+919731897198

Re: configuring https enabled tomcat using user and CA certificate

Posted by Mark Thomas <ma...@apache.org>.
On 18/11/2010 09:04, Abhishek Srivastava wrote:
> SEVERE: Error initializing endpoint
> java.io.IOException: Alias name root does not identify a key entry

That tells you what is wrong. You have imported the cert but not the
associated private key.

Mark
