Posted to users@tomcat.apache.org by Stewart Walker <sw...@caspercollege.edu> on 2004/02/20 03:25:52 UTC

import a server certificate tomcat5.0.18

Hope everybody is having a good day.

Could really use your help getting past the below error while
trying to set up/import a server certificate.

The required jsse jar files are in
$JAVA_HOME/jre/lib/ext

The IBMJava was installed during the Linux install. As far
as I can tell it isn't running anything and $JAVA_HOME/bin
is first in the path. But I still wonder.

keytool was run by root in $JAVA_HOME/bin

Haven't done anything with Apache yet; our web-based servlet app is
working on 8080 with Tomcat.
Thanks.

Linux ES 2.1
249-e.37 kernel
j2sdk1.4.2_03
tomcat5.0.18

$PATH

/usr/kerberos/sbin:
/usr/kerberos/bin:
/usr/java/j2sdk1.4.2_03/bin:
/opt/IBMJava2-131/bin:
/opt/IBMJava2-131/jre/bin:
/usr/local/sbin:/sbin:/usr/sbin:
/bin:/usr/bin:/usr/bin/X11:
/usr/local/bin:
/usr/bin:
/usr/X11R6/bin:
/root/bin:

[root@]# ps aux |grep java
root      2985 27.0  0.7 246712 29368 pts/5  S    08:38   0:04 /usr/java/j2sdk1.
root      2986  0.0  0.7 246712 29368 pts/5  S    08:38   0:00 /usr/java/j2sdk1.
This is just a snippet.

[root@ssl/ca]#ls -l
-rwxr-xr-x    1 root     apache        785 Feb 18 10:16 ca.csr
-rwxr-xr-x    1 root     apache        887 Feb 18 10:16 ca.key
-rwxr-xr-x    1 root     apache       1066 Feb 18 10:17 ca.pem


[root@bin]# openssl req -new -newkey \
rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr \
-keyout /usr/java/ssl/ca/ca.key
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.............++++++
......++++++
writing new private key to '/usr/java/ssl/ca/ca.key'
-----
ok works fine

[root@bin]# openssl x509 -trustout \
-signkey /usr/java/ssl/ca/ca.key \
-days 720 -req -in /usr/java/ssl/ca/ca.csr \
-out /usr/java/ssl/ca/ca.pem
Signature ok
subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email
Getting Private key
ok works fine

[root@bin]# keytool -import -keystore \
$JAVA_HOME/jre/lib/security/cacerts \
-file /usr/java/ssl/ca/ca.pem -alias test_ca
Enter keystore password:  changeit
Exception in thread "main" java.lang.ExceptionInInitializerError
        at javax.crypto.Cipher.a(DashoA6275)
        at javax.crypto.Cipher.getInstance(DashoA6275)
        at com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.<init>([DashoPro-V1.3-013000])
        at com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature.<init>([DashoPro-V1.3-013000])
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
        at java.lang.Class.newInstance0(Class.java:308)
        at java.lang.Class.newInstance(Class.java:261)
        at java.security.Security.doGetImpl(Security.java:1137)
        at java.security.Security.doGetImpl(Security.java:1084)
        at java.security.Security.getImpl(Security.java:1045)
        at java.security.Signature.getInstance(Signature.java:169)
        at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:425)
        at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:383)
        at sun.security.tools.KeyTool.addTrustedCert(KeyTool.java:1251)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:512)
        at sun.security.tools.KeyTool.run(KeyTool.java:124)
        at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
        ... 20 more
Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: OIDs::getInstance() - Cannot find any provider supporting RSA
        at java.security.AccessController.doPrivileged(Native Method)
        ... 21 more
Caused by: java.security.cert.CertificateException: OIDs::getInstance() - Cannot find any provider supporting RSA
        at com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate.verify([DashoPro-V1.3-013000])
        at javax.crypto.SunJCE_b.c(DashoA6275)
        at javax.crypto.SunJCE_b.b(DashoA6275)
        at javax.crypto.SunJCE_s.run(DashoA6275)
        ... 22 more

