You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by bajistaman <ba...@gmail.com> on 2007/09/03 14:42:05 UTC
Re: Problems with SSL-enabled Tomcat 5.5
I have the same problem than you Werner, everything looks fine but the
browser is unable to verify the identity of my site. Firefox says:
a) Or the browser doesn't recognize the CA that is supporting the cert.
b) Or the cert is uncomplete because of a wrong server configuration.
c) Or the site is pretending to be something that is not
So still trying to find what is wrong.
BTW, my CA gives an intermediate cert that I didn't use because agentbob's
tip didn't say anything about it. Maybe I need to install as part of the
process just as the CA website says. Did you have to install the
intermediate one?
Thanks,
Johann
--
View this message in context: http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tf4349872.html#a12461106
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with SSL-enabled Tomcat 5.5
Posted by Hassan Schroeder <ha...@gmail.com>.
On 9/3/07, Werner Schalk <we...@gmx.de> wrote:
> ... what I ended up doing was buying a new certificate
Your CA wouldn't let you submit a new CSR and re-issue the cert??
That's surprising.
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with SSL-enabled Tomcat 5.5
Posted by Bhuvanmp <bh...@gmail.com>.
HI, i im also having the same problem.
java.io.IOException: Alias name aliasName does not identify a key entry.
But i m not bale to over come it. I m using keytool not opessl. Please
suggst me.
thanks ,Bhuvan MP
bajistaman wrote:
>
> So what you did was to create a new private key, CSR and then just follow
> the instructions from your CA and everything worked?
>
> Thanks,
>
> Johann
>
--
View this message in context: http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tp12394044p22491455.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with SSL-enabled Tomcat 5.5
Posted by bajistaman <ba...@gmail.com>.
So what you did was to create a new private key, CSR and then just follow the
instructions from your CA and everything worked?
Thanks,
Johann
--
View this message in context: http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tf4349872.html#a12463871
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with SSL-enabled Tomcat 5.5
Posted by bajistaman <ba...@gmail.com>.
Ok, now it is working, I was missing the root cert.
I generated a script that did all the work:
JAVA_HOME=/usr/java/latest
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
THE_NAME=www.dummy.org
export THE_NAME
rm /root/.keystore
rm /usr/share/tomcat5/.keystore
openssl pkcs8 -topk8 -nocrypt -in ${THE_NAME}_key.pem -inform PEM -out
${THE_NAME}_key.der -outform DER
openssl x509 -in rootCA_cer.pem -inform PEM -out rootCA_cer.der -outform DER
openssl x509 -in intermediateCA_cer.pem -inform PEM -out
intermediateCA_cer.der -outform DER
openssl x509 -in ${THE_NAME}_cer.pem -inform PEM -out ${THE_NAME}_cer.der
-outform DER
cat ${THE_NAME}_cer.der intermediateCA_cer.der rootCA_cer.der >
${THE_NAME}_all_cer.der
javac *.java
java ImportKey ${THE_NAME}_key.der ${THE_NAME}_all_cer.der
cp /root/keystore.ImportKey /root/.keystore
cp /root/.keystore /usr/share/tomcat5/.keystore
keytool -keypass changeit -storepass changeit -list
--
View this message in context: http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tf4349872.html#a12467259
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems with SSL-enabled Tomcat 5.5
Posted by Werner Schalk <we...@gmx.de>.
Hi,
I tried with the Intermediate Cert as well but then I had the same problems
(see below). Take a look at the
comments on AgentBob's website, one is mentioning putting all certs together
to make this work.
At least for me it didn't and what I ended up doing was buying a new
certificate unfortunately.
Please let me know if you have another solution.
Bye,
Werner
----- Original Message -----
From: "bajistaman" <ba...@gmail.com>
To: <us...@tomcat.apache.org>
Sent: Monday, September 03, 2007 2:42 PM
Subject: Re: Problems with SSL-enabled Tomcat 5.5
>
> I have the same problem than you Werner, everything looks fine but the
> browser is unable to verify the identity of my site. Firefox says:
> a) Or the browser doesn't recognize the CA that is supporting the cert.
> b) Or the cert is uncomplete because of a wrong server configuration.
> c) Or the site is pretending to be something that is not
>
> So still trying to find what is wrong.
> BTW, my CA gives an intermediate cert that I didn't use because agentbob's
> tip didn't say anything about it. Maybe I need to install as part of the
> process just as the CA website says. Did you have to install the
> intermediate one?
>
> Thanks,
>
> Johann
>
> --
> View this message in context:
> http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tf4349872.html#a12461106
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org