Posted to users@tomcat.apache.org by Bhuvanesh Pattanashetti <bh...@gmail.com> on 2009/03/13 06:02:53 UTC
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Hi all, thanks all for your suggestions. :-)
Here are some more details.
I'm using
- Tomcat 6.0,
- JDK 1.6,
- no, I'm not using keystore.
- I'm running on XP with Spring-DM framework.
The connector is as follows.
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keyAlias="aliasName"
keystoreFile="KEeySrotePath" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
I have generated the keystore using keytool.
Please advise me further.
On Fri, Mar 13, 2009 at 7:51 AM, Bill Barker <wb...@wilshire.com> wrote:
> Willing to try and play psychic ;).
>
> Procedure 1 is what you want. But the keystore must be the same one that
> you used to create the CSR you sent to Verisign. This is by far the second
> most common mistake that people make when setting up Tomcat to use SSL. As
> Chuck suggested, check if you are using APR (the SSL configuration options
> are different, and APR can't use a JKS keystore). This is the most common
> mistake. Verisign has an intermediate cert as well. You'll likely need to
> import that as well. And of course, import the Verisign root cert.
>
>
> "Bhuvanesh Pattanashetti" <bh...@gmail.com> wrote in message
> news:bce69da80903120948v7c2f1693md9db7e74e6e3f994@mail.gmail.com...
> > Hi all,
> > I'm trying to set up SSL for the Tomcat server. I wanted to know what
> > exactly the procedure is.
> > Here is what I have followed.
> >
> > Procedure 1:
> >
> > 1. Created my own keystore.
> > 2. Imported the trial certificate (provided by Verisign) into the
> > keystore.
> > 3. Added an SSL connector component to the conf/server.xml Tomcat
> > configuration file.
> > 4. Started the server. When I tried accessing the connector port from
> > the browser, I got "cannot display the webpage".
> >
> > Procedure 2:
> >
> > 1. Created my own keystore.
> > 2. Imported the trial certificate (provided by Verisign) into the
> > keystore.
> > 3. Imported the trial certificate (provided by Verisign) into the
> > cacerts from jre/lib/security/cacerts.
> > 4. Added an SSL connector component to the conf/server.xml Tomcat
> > configuration file, with keyAlias pointing to the imported certificate
> > alias.
> > 5. Started the server; at startup I got the following exception:
> >
> > java.io.IOException: Alias name mykeyalias does not identify a key entry
> >
> > I had imported the root certificate or intermediate certificate first,
> > before importing the trial Verisign certificate, as suggested by Tomcat.
> > But none of these things are working :-( please advise.
> > Thanks in advance.
> > Bhuvan P
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by Bhuvanesh Pattanashetti <bh...@gmail.com>.
Some more information regarding my problem statement.
I followed exactly these steps:
1. Created the keystore using keytool.
2. Created the CSR using -certreq with keytool.
3. Sent the same to Verisign and got the certificate as a reply.
4. Imported the root certificate provided by Verisign.
5. Imported the intermediate cert provided by Verisign.
6. Imported the trial certificate provided by Verisign into the same
keystore from which I generated the CSR.
7. Referred to the keystore from the <connector/> component. (I have posted
my connector configuration above.)
8. When I started the server I got the following error:
java.io.IOException: Alias name aliasName does not identify a key entry.
Please advise me further.
Thanks,
Bhuvan P
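
Added example, not part of the original message: Tomcat's JSSE connector raises "Alias name ... does not identify a key entry" when the configured keyAlias is absent from the keystore or names a certificate-only entry, and the output of `keytool -list` shows which case applies. The script below classifies an alias from such a listing. The listing, its aliases (`tomcat`, `verisignroot`, `verisignintermediate`) and the function names are constructed for illustration; it shows one way to arrive at the error (CA reply imported under a different alias than the key pair), not a confirmed diagnosis of this thread.

```shell
#!/bin/sh
# CONSTRUCTED sample in the style of `keytool -list` output (JDK 6 layout).
# Aliases and fingerprints are placeholders, not values from the thread.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

verisignroot, Mar 13, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
verisignintermediate, Mar 13, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
tomcat, Mar 12, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
aliasname, Mar 13, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# entry_type ALIAS < listing
# Prints the entry type recorded for ALIAS, or "missing".
entry_type() {
  awk -v want="$1" -F', *' '
    BEGIN { want = tolower(want) }   # JKS aliases are case-insensitive
    /Entry,[ \t\r]*$/ && tolower($1) == want { print $(NF-1); found = 1; exit }
    END { if (!found) print "missing" }
  '
}

# key_aliases < listing
# Prints every alias that holds a private key, i.e. every usable keyAlias value.
key_aliases() {
  awk -F', *' '/PrivateKeyEntry,[ \t\r]*$/ { print $1 }'
}

# diagnose_alias ALIAS < listing
# Returns 0 only when ALIAS can back an SSL connector.
diagnose_alias() {
  t=$(entry_type "$1")
  case "$t" in
    PrivateKeyEntry)
      echo "ok: '$1' holds a private key with its certificate chain" ;;
    trustedCertEntry)
      echo "fail: '$1' is certificate-only; import the CA reply under the alias that holds the key"
      return 1 ;;
    missing)
      echo "fail: no entry named '$1' in this keystore"
      return 1 ;;
    *) echo "fail: '$1' has unexpected entry type '$t'"; return 1 ;;
  esac
}

printf '%s\n' "$SAMPLE_LISTING" | diagnose_alias aliasName || true
printf '%s\n' "$SAMPLE_LISTING" | key_aliases
```

Against a real keystore, pipe the output of `keytool -list -keystore <path>` into `diagnose_alias` together with the keyAlias value from server.xml.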
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by Bhuvanesh Pattanashetti <bh...@gmail.com>.
Oh, I am sorry for the above two statements. :(
I'm using the keystore (keytool),
and I'm not using APR.
Thanks.
Bhuvan
On Fri, Mar 13, 2009 at 7:00 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:
> > From: Bhuvanesh Pattanashetti [mailto:bhuvanmp@gmail.com]
> > Subject: Re: Configuring Tomcat for trial certificate by
> > trusted authorities like Verisign not working.
> >
> > - no, I'm not using keystore.
>
> <snip>
>
> > I have generated the keystore using keytool.
>
> Please reconcile the above two statements.
>
> Also, answer the question: are you using APR? (Do you have tcnative-1.dll
> in Tomcat's bin directory?)
>
> - Chuck
RE: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Bhuvanesh Pattanashetti [mailto:bhuvanmp@gmail.com]
> Subject: Re: Configuring Tomcat for trial certificate by
> trusted authorities like Verisign not working.
>
> - no, I'm not using keystore.
<snip>
> I have generated the keystore using keytool.
Please reconcile the above two statements.
Also, answer the question: are you using APR? (Do you have tcnative-1.dll in Tomcat's bin directory?)
- Chuck
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Bhuvanesh,
On 3/16/2009 8:40 AM, Bhuvanesh Pattanashetti wrote:
> Hi, I had tried that way also. Now I'm able to get SSL working with
> the Thawte trial SSL certificate,
> but not with the Verisign one yet. I don't know why.
If you are using an EV cert, there are /two/ intermediate certs that you
need to install. Have you installed both of their intermediate certs? I
know they offer a single file that contains both, so that may be an
option as well (or you may have imported both of them without realizing it).
-chris
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by Bhuvanesh Pattanashetti <bh...@gmail.com>.
Hi, I had tried that way also. Now I'm able to get SSL working with
the Thawte trial SSL certificate,
but not with the Verisign one yet. I don't know why.
Even after importing the CA certificate, I'm getting the alert for
non-secure items. So is the reason that I don't have the paid SSL
certificate? Or would even the trial cert from Thawte behave the same as the
paid one?
Thanks,
Bhuvan P
On Sun, Mar 15, 2009 at 4:24 AM, Bill Barker <wb...@wilshire.com> wrote:
>
> "Bhuvanesh Pattanashetti" <bh...@gmail.com> wrote in message
> news:bce69da80903122202i384a040cj66e5089fc14f6641@mail.gmail.com...
> > Hi all, thanks all for your suggestions. :-)
> >
> > Here are some more details.
> >
> > I'm using
> >
> > - Tomcat 6.0,
> > - JDK 1.6,
> > - no, I'm not using keystore.
> > - I'm running on XP with Spring-DM framework.
> > The connector is as follows.
> >
> > <Connector
> > port="8443" minSpareThreads="5" maxSpareThreads="75"
> > enableLookups="true" disableUploadTimeout="true"
> > acceptCount="100" maxThreads="200"
> > scheme="https" secure="true" SSLEnabled="true"
> > keyAlias="aliasName"
> > keystoreFile="KEeySrotePath" keystorePass="password"
> > clientAuth="false" sslProtocol="TLS"/>
> >
> ^
> If you remove the keyAlias from | it will probably just work.
>
> > I have generated the keystore using keytool.
> > Please advise me further.
Re: Configuring Tomcat for trial certificate by trusted authorities like Verisign not working.
Posted by Bill Barker <wb...@wilshire.com>.
"Bhuvanesh Pattanashetti" <bh...@gmail.com> wrote in message
news:bce69da80903122202i384a040cj66e5089fc14f6641@mail.gmail.com...
> Hi all, thanks all for your suggestions. :-)
>
> Here are some more details.
>
> I'm using
>
> - Tomcat 6.0,
> - JDK 1.6,
> - no, I'm not using keystore.
> - I'm running on XP with Spring-DM framework.
> The connector is as follows.
>
> <Connector
> port="8443" minSpareThreads="5" maxSpareThreads="75"
> enableLookups="true" disableUploadTimeout="true"
> acceptCount="100" maxThreads="200"
> scheme="https" secure="true" SSLEnabled="true"
> keyAlias="aliasName"
> keystoreFile="KEeySrotePath" keystorePass="password"
> clientAuth="false" sslProtocol="TLS"/>
>
^
If you remove the keyAlias from | it will probably just work.
> I have generated the keystore using keytool.
> Please advise me further.