Posted to users@tomcat.apache.org by Morten Tollefsen <mo...@isystem.no> on 2002/12/02 12:59:47 UTC

Re: Re: Re: Problems running VeriSign trial certificate in Tomcat.

Hi!

I figured it out this weekend, and your solution is absolutely correct!

Thanks for helping me!

Morten

-----Original Message-----
From: Joseph Stephen [mailto:joseph_vaithara@yahoo.com]
Sent: 30 November 2002 19:34
To: Tomcat Users List; morten.tollefsen@isystem.no
Subject: Re: Re: Re: Problems running VeriSign trial certificate in Tomcat.


I don't think you should delete the self-signed certificate, i.e.
you can skip the step
keytool -delete -alias tomcat
keytool establishes a certificate chain in the
keystore, each one validating the parent (or is it the
child). So to establish the chain, import the
cacert file as the root (alias root), the self-signed certificate (alias
tomcat) and finally the reply from VeriSign (alias tomcat). When you
import the reply you should see the message imported "reply".

Let me know if you still face problems

Regards,
Joseph

--- Morten Tollefsen <mo...@isystem.no> wrote:
> Thanks, but I still got problems.
> 
> Here is all I've done (tried it once again...):
> 
> * Generate key (self-signed certificate):
> 
> keytool -genkey -alias tomcat -keysize 1024 -validity 365 -keyalg RSA
> 
> * Generate CSR:
> 
> keytool -certreq -alias tomcat -file tomcat.csr
> 
> * Submitted CSR - VeriSign
> 
> * Submitted user information to VeriSign
> 
> * Installed Test CA Root in browser
> 
> * Imported Test CA Root in keystore cacerts in JAVA_HOME\jre\lib\security
> 
> keytool -import -trustcacerts -file getcacert.cer -keystore c:\jdk1.3.1\jre\lib\security\cacerts
> 
> * Received signed certificate from VeriSign, copied to file tomcat.cer
> 
> * Deleted self-signed certificate:
> 
> keytool -delete -alias tomcat
> 
> * Imported signed certificate from VeriSign:
> 
> keytool -import -alias tomcat -file tomcat.cer
> 
> * Restarted Tomcat, and keep getting the following error:
> 
> javax.net.ssl.SSLException: Unrecognized SSL handshake.
> 
> Ideas?
> 
> Morten T.
> 
> -----Original Message-----
> From: Joseph Stephen [mailto:joseph_vaithara@yahoo.com]
> Sent: 28 November 2002 22:39
> To: Tomcat Users List
> Subject: Re: Re: Problems running VeriSign trial certificate in Tomcat.
> 
> 
> You need to import the VeriSign test CA root certificate into the Java
> cacerts found under java_home/lib/security/cacerts. The test CA root
> certificate can be downloaded from
> www.verisign.com/trial/server/faq/index.html or something like that
> 
> --- "Morten mot. Tollefsen" <mo...@isystem.no> wrote:
> > Any ideas?
> >  
> > Please help me with this problem!
> >  
> > Morten Tollefsen
> > 
> > -----Original Message-----
> > From: Morten Tollefsen [mailto:morten.tollefsen@isystem.no]
> > Sent: 25 November 2002 12:03
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: Problems running VeriSign trial certificate in Tomcat.
> > 
> > 
> > Problem with running Tomcat using VeriSign trial certificate.
> >  
> > Can anyone please help me with this problem? Have searched for hours,
> > but can't find any solutions...
> >  
> > I'm running:
> >  
> > Windows 2000
> > JDK 1.3
> > JSSE 1.0.3
> > Tomcat 3.2.3
> >  
> > Have done:
> >  
> > - Created self-signed certificate using keytool, OK.
> > - Tomcat SSL setup, running with self-signed certificate, OK.
> > - Created the CSR and sent it to VeriSign, OK.
> > - Imported the trial certificate from VeriSign using
> >   'keytool -import -alias tomcat -keystore verisign -file tomcat.cer'
> >   Have also tried to change keystore name and password.
> >  
> > Tomcat error message:
> > javax.net.ssl.SSLException: Unrecognized SSL
> > handshake.
> >  
> > My connector parameters in server.xml:
> >  
> > <Connector className="org.apache.tomcat.service.PoolTcpConnector">
> >   <Parameter name="handler"
> >     value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
> >   <Parameter name="port" value="443"/>
> >   <Parameter name="socketFactory"
> >     value="org.apache.tomcat.net.SSLSocketFactory" />
> >   <Parameter name="keystore" value="c:/documents and settings/localhost/verisign" />
> >   <Parameter name="keypass" value="changeit" />
> >   <Parameter name="secure" value="true" />
> >   <Parameter name="clientauth" value="true" />
> > </Connector>
> >  
> > Have tried to change secure and clientauth
> > parameters without success.
> >  
> > Any ideas???
> >  
> > Greetings
> > Morten Tollefsen
> > Integrasjonssystemer AS
> > morten.tollefsen@isystem.no 
> > 33036066 / 97178250 
> >  
> > 
> >  
>  
