Posted to soap-user@xml.apache.org by "陳照東) <alex@erp.ncu.edu.tw>" <Alex> on 2001/04/11 05:38:09 UTC

Tomcat +SSL = need someone help!!!!

hi all:
ok, my sample just seems to work fine, but exactly has some problem..

i will show u all the details in parts.
1. i execute instructions below :
//*****************************************************************************
keytool -genkey -alias tomcat-sv -dname "CN=Server,OU=ComputerEngineering, O= Trinity College Dublin,L=Dublin, S=Dublin, C=IE" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore
//*****************************************************************************
and

//*****************************************************************************
keytool -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore
//*****************************************************************************
to generate a server.cer
2. i execute instructions below to generate the client.cer:
//*****************************************************************************
keytool -genkey -alias tomcat-cl -dname "CN=Client,OU=TRL, O=IBM, L=Yamato-shi, S=Kanagawa-ken, C=JP" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore
//*****************************************************************************

and
//*****************************************************************************
keytool -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore
//*****************************************************************************


and then i import the certificate into the keystore::

//*****************************************************************************
keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass changeit -storepass changeit
keytool -import -v -trustcacerts -alias tomcat -file client.cer -keystore server.keystore -keypass changeit -storepass changeit
//*****************************************************************************

and then i modify the Tomcat Server.xml settings: (And i move the server.Keystore to soap directory /bin/), but i wonder, where should i put the client.Keystore????????
and now, i just let it stay in the jdk1.3/bin/ directory, am i wrong or missing something???
//*****************************************************************************
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
        value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="socketFactory"
        value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore" value="d:\apache\soap-2_1\bin\server.keystore" />
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="true"/>
</Connector>
//*****************************************************************************

last, i modify my client soap code like this:( Note: it's in my JSP code)

System.setProperty("javax.net.ssl.trustStore","D://jdk1.3.0_02/bin/client.keystore");

System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");

java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

URL url = new URL( "Https://localhost:8443/soap/servlet/rpcrouter" );

//*****************************************************************************
and now i got Errors :

//*****************************************************************************
java.lang.reflect.InvocationTargetException: java.net.SocketException: Connection aborted by peer: socket write error

        at java.net.SocketOutputStream.socketWrite(Native Method)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:83)
        at com.sun.net.ssl.internal.ssl.OutputRecord.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush([DashoPro-V1.2-120198])

java.lang.reflect.InvocationTargetException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate

        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])

//*****************************************************************************
ok, that's all my procedures shown above.
i think, the certificate part is somewhat weird... coz' i can't find out the relationships between server and client.... have i got it wrong?????
if somebody has worked with it, please tell me.....



IT DEP. Special Team-XML 
       Alex      
Tel:(03)4227151 ext:6024

alex@ERP.NCU.EDU.TW
=We Do Enterprise Services=
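
The keystore roles the post asks about, as an added example that is not part of the original message: in JSSE an entry holding a private key is an identity an endpoint can present, a certificate-only entry is a trust anchor, and a connector with clientAuth="true" requires the client to present an identity as well as to trust the server. The class name, the default path and password (taken from the commands in the post) and the use of current JSSE APIs instead of the JDK 1.3 add-on are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration (hypothetical class name), not code from the post.
public class KeystoreRoles {

    // Load a keystore and report, per alias, whether it is an identity
    // (private key + certificate) or a trust anchor (certificate only).
    static KeyStore loadAndDescribe(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        for (String alias : Collections.list(ks.aliases())) {
            String role = ks.isKeyEntry(alias) ? "identity (private key)"
                                               : "trust anchor (certificate only)";
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "n/a";
            System.out.println(alias + " -> " + role + ", subject: " + subject);
        }
        return ks;
    }

    // Build a client context that can present an identity (required when the
    // server sets clientAuth=true) and also verify the server's certificate.
    static SSLContext clientContext(KeyStore ks, char[] keyPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);   // private-key entries: what this side presents
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);            // certificates in the store: whom this side trusts
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "client.keystore";   // file named in the post
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = loadAndDescribe(path, pass);
        clientContext(ks, pass);
        System.out.println("SSLContext initialised from " + path);
    }
}
```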