You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by An...@cetip.com.br on 2002/02/21 20:51:47 UTC

change passwd for keystore

I´m trying others methods for install SSL CA Certificates on Tomcat4 and I
created a keystore with blank passwd anda now I
trying to change the passwd without sucessfull.
I simple made:
keytool -storepasswd 
Enter keystore password:  changeit
then I made the comand:
keytool -keypasswd -alias importkey
Enter keystore password:  changeit
Enter key password for <importkey>:  changeit
keytool error: java.security.UnrecoverableKeyException: Cannot recover key

How can I change my passwd without problems?
Could anybody help me?
I need this urgently....

Thanks a lot.
Angelica

>  -----Mensagem original-----
> De: 	Angelica  
> Enviada em:	terça-feira, 19 de fevereiro de 2002 15:23
> Para:	'tomcat-user@jakarta.apache.org'
> Assunto:	Import CA SSL Certificate in Tomcat 4.0
> 
> 
> Hello,
> 
> I have been some problems with import SSL CA Certificates on Tomcat4.  It
> just doesn´t running!!
> 
> I generated a key with openssl e send it to authority VeriSign that send
> me two files with the certificate. Then I have three files:
> cetipnet.key (The public key I generated by openssl)
> cetipnet.crt (The certificate sent to me by Verisign)
> cetipnet.ca.crt (valid certificate by Certification Authority)
> 
> I try do the following commands:
> 
> keytool -import -v -trustcacerts -alias tomcat -file cetipnet.crt
> 
> Then , when I start the tomcat and see by page https://localhost:8443
> occurs error sayind that the page connot appears.
> 
> I would like to know if there is some  way to import valid certificate by
> Certification Authority (not selfSign) and how can I install it.
> 
> When I try to generate a SSL certificate (RSA) for tomcat 4.0 it works
> fine!! But I need to import a trusted CA Certificate from VeriSign and it
> didn´t work.
> 
> Could you help me please?
> 

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: change passwd for keystore

Posted by Chuck Amadi <ch...@breconbeacons.org>.

Angelica@cetip.com.br wrote:

>I╢m trying others methods for install SSL CA Certificates on Tomcat4 and I
>created a keystore with blank passwd anda now I
>trying to change the passwd without sucessfull.
>I simple made:
>keytool -storepasswd 
>Enter keystore password:  changeit
>then I made the comand:
>keytool -keypasswd -alias importkey
>Enter keystore password:  changeit
>Enter key password for <importkey>:  changeit
>keytool error: java.security.UnrecoverableKeyException: Cannot recover key
>
>How can I change my passwd without problems?
>Could anybody help me?
>I need this urgently....
>
>Thanks a lot.
>Angelica
>
>> -----Mensagem original-----
>>De: 	Angelica  
>>Enviada em:	terГa-feira, 19 de fevereiro de 2002 15:23
>>Para:	'tomcat-user@jakarta.apache.org'
>>Assunto:	Import CA SSL Certificate in Tomcat 4.0
>>
>>
>>Hello,
>>
>>I have been some problems with import SSL CA Certificates on Tomcat4.  It
>>just doesn╢t running!!
>>
>>I generated a key with openssl e send it to authority VeriSign that send
>>me two files with the certificate. Then I have three files:
>>cetipnet.key (The public key I generated by openssl)
>>cetipnet.crt (The certificate sent to me by Verisign)
>>cetipnet.ca.crt (valid certificate by Certification Authority)
>>
>>I try do the following commands:
>>
>>keytool -import -v -trustcacerts -alias tomcat -file cetipnet.crt
>>
>>Then , when I start the tomcat and see by page https://localhost:8443
>>occurs error sayind that the page connot appears.
>>
>>I would like to know if there is some  way to import valid certificate by
>>Certification Authority (not selfSign) and how can I install it.
>>
>>When I try to generate a SSL certificate (RSA) for tomcat 4.0 it works
>>fine!! But I need to import a trusted CA Certificate from VeriSign and it
>>didn╢t work.
>>
>>Could you help me please?
>>
>
>--
>To unsubscribe:   <ma...@jakarta.apache.org>
>For additional commands: <ma...@jakarta.apache.org>
>Troubles with the list: <ma...@jakarta.apache.org>
>
Why can't you locate the keystore and delete and re-created another 
keystore and thus sort out your password by configuring your SSL 
connector. (CATALINA_HOME/confserver.xml file ).

1) Return and re-create keystore file.
2) Or you can add or update the keysroePass attribute on the <Factory> 
element.

Note this can be found in SSL Configuration How - To .

 <!-- Define an SSL HTTP/1.1 Connector on port 8443(7777) -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="7777" minProcessors="5" maxProcessors="75"
               enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false"
           *keystoreFile="C:/WINDOWS/Profiles/chucka/.keystore"
           keystorePass="test123"*
           protocol="TLS"/>
    </Connector>

Cheers Chuck Amadi
Systems Programmer



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>