Posted to users@tomcat.apache.org by Hitesh Raghav <Hi...@symantec.com> on 2007/10/26 14:15:46 UTC
PKCS#12 type SSL certificate support in Tomcat
Dear All,
Is there any limitation to support PKCS#12 type SSL certificate in
Tomcat?
As per Tomcat User Guide, Tomcat currently operates with JKS, PKCS11 or
PKCS12 format keystores.
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
But, I'm unable to use PKCS#12 certificate in my Tomcat.
It throws:
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:227)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:142)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:110)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Could you please throw some light on PKCS#12 type certificate support?
Please let me know in case any details are needed.
Thanks,
-Hitesh
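
Added example, not part of the original thread and not Tomcat code: the top frames of the trace above are sun.security.provider.JavaKeyStore$JKS, so the file was parsed by the JKS loader. This Python check identifies a keystore's real format from its leading bytes and compares it with the type the loader applied; the function names and sample headers are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # Sun JKS keystore
JCEKS_MAGIC = 0xCECECECE  # SunJCE JCEKS keystore


def _der_header_len(data):
    """Bytes used by the outer SEQUENCE tag+length, or None if not a SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first <= 0x80:           # short-form length, or BER indefinite (0x80)
        return 2
    n = first & 0x7F            # long form: n length bytes follow
    return 2 + n if 1 <= n <= 4 and len(data) >= 2 + n else None


def sniff_keystore(data):
    """Classify keystore bytes as 'JKS', 'JCEKS', 'PKCS12', 'PEM' or 'UNKNOWN'."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    hdr = _der_header_len(data)
    # A PFX is SEQUENCE { version INTEGER 3, ... }: 02 01 03 follows the header.
    if hdr is not None and data[hdr:hdr + 3] == b"\x02\x01\x03":
        return "PKCS12"
    return "UNKNOWN"


def diagnose(data, loader_type):
    """Compare the file's real format with the type the loader applied."""
    actual = sniff_keystore(data)
    if actual == loader_type.upper():
        return "ok: file and loader are both " + actual
    return "mismatch: file is %s but was loaded as %s" % (actual, loader_type.upper())


# Constructed sample headers (first bytes only, not real keystores).
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000001")
SAMPLE_P12 = bytes.fromhex("30820a2c0201033082")

if __name__ == "__main__":
    # The case in the trace: a PKCS#12 file handed to the JKS loader.
    print(diagnose(SAMPLE_P12, "JKS"))
    print(diagnose(SAMPLE_P12, "pkcs12"))
```

To check a real file, pass its first few dozen bytes (for example `open(path, "rb").read(64)`) to `sniff_keystore`.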
Re: PKCS#12 type SSL certificate support in Tomcat
Posted by Mark Thomas <ma...@apache.org>.
Hitesh Raghav wrote:
> Hi Lucas,
>
> I'm using following <connector/> configuration:
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
> <Factory
> className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
> clientAuth="false" protocol="TLS"
> keystoreFile="keystore/.keystore"
> keystorePass="changeit"
> keystoreType="pkcs12" />
>
> Please let me know in case any other details are needed.
That suggests an old Tomcat 4 version. Earlier you quoted the 5.5 docs.
Which version are you actually using? I haven't tested this with
Tomcat 4 but I suspect you'll need 4.1.36 for this to work.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: PKCS#12 type SSL certificate support in Tomcat
Posted by Lucas Galfaso <lg...@gmail.com>.
Hi Hitesh,
I think you are supposed to add your pkcs12 key to a keystore
repository (to the default alias name "tomcat"; of course, this can
also be changed) and then reference this keystore repository from within
Tomcat.
Regards,
lg
On Oct 30, 2007 3:39 AM, Hitesh Raghav <Hi...@symantec.com> wrote:
> Hi Lucas,
>
> I'm using following <connector/> configuration:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25"
>            maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS" />
> <Factory
>          className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>          clientAuth="false" protocol="TLS"
>          keystoreFile="keystore/.keystore"
>          keystorePass="changeit"
>          keystoreType="pkcs12" />
>
> Please let me know in case any other details are needed.
>
> Thanks,
> -Hitesh
RE: PKCS#12 type SSL certificate support in Tomcat
Posted by Hitesh Raghav <Hi...@symantec.com>.
Hi Lucas,
I'm using following <connector/> configuration:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
<Factory
         className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
         clientAuth="false" protocol="TLS"
         keystoreFile="keystore/.keystore"
         keystorePass="changeit"
         keystoreType="pkcs12" />

Please let me know in case any other details are needed.
Thanks,
-Hitesh
-----Original Message-----
From: Lucas Galfaso [mailto:lgalfaso@gmail.com]
Sent: Friday, October 26, 2007 7:39 PM
To: Tomcat Users List
Subject: Re: PKCS#12 type SSL certificate support in Tomcat
Can you post the <Connector /> configuration that you are using?
- lg
Re: PKCS#12 type SSL certificate support in Tomcat
Posted by Lucas Galfaso <lg...@gmail.com>.
Can you post the <Connector /> configuration that you are using?
- lg