Posted to users@tomcat.apache.org by ml...@amsnet.com on 2001/06/06 14:57:13 UTC

Re: SSL - keytool import problem -more

I also noticed that when Tomcat is starting I see the following line when
using the -genkey key:

found key for : tomcat

When starting Tomcat using the imported key this line does not appear.

Regards




                                                                                                                                  
From:     mlecza@amsnet.com
To:       tomcat-user@jakarta.apache.org
cc:
Date:     06/06/2001 07:30 AM
Subject:  SSL - keytool import problem
Please respond to tomcat-user






Playing around with Tomcat/SSL (no apache) and am having a problem hitting
a secure page if the certificate was imported.  At first I thought it was a
problem with the Verisign test certificate but if I create a key with
-genkey (which works fine), export it, then import it I have a problem
hitting the secure page.

Here is the series of events to duplicate:

- Create the key: keytool -genkey -alias tomcat -keyalg RSA
- Start Tomcat and test SSL by hitting https://localhost:8443 (page loads
fine)

- Export the generated key: keytool -export -v -file export.cert -alias
tomcat
- Delete the existing key: keytool -delete -alias tomcat
- Import the key: keytool -import -v -trustcacerts -file export.cert -alias
tomcat
- Restart Tomcat
- Test hitting same SSL page:  Page doesn't come up.  With debugs turned on
I see the following handshake error in the console:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[EmbeddedTomcat] Thread-29, READ:  SSL v3.0 Handshake, length = 85
[EmbeddedTomcat] *** ClientHello, v3.0
RandomCookie:  GMT: 893495682 bytes = { 102, 116, 141, 221, 165, 181, 15, 239, 0, 124, 42, 42, 154, 126, 160, 241, 45, 203, 148, 236, 162, 155, 198, 169, 9, 194, 82, 45[EmbeddedTomcat]  }
Session ID:  [EmbeddedTomcat] {59, 30, 11, 188, 5, 132, 214, 51, 19, 148, 194, 181, 128, 47, 236, 94, 112, 99, 131, 88, 222, 2, 98, 172, 83, 12, 246, 170, 60, 118, 167, 10}
Cipher Suites:  { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99[EmbeddedTomcat]  }
Compression Methods:  { 0[EmbeddedTomcat]  }
[EmbeddedTomcat] ***
[EmbeddedTomcat] [read] MD5 and SHA1 hashes:  len = 85
0000: 01 00 00 51 03 00 35 42   AA 82 66 74 8D DD A5 B5  ...Q..5B..ft....
0010: 0F EF 00 7C 2A 2A 9A 7E   A0 F1 2D CB 94 EC A2 9B  ....**....-.....
0020: C6 A9 09 C2 52 2D 20 3B   1E 0B BC 05 84 D6 33 13  ....R- ;......3.
0030: 94 C2 B5 80 2F EC 5E 70   63 83 58 DE 02 62 AC 53  ..../.^pc.X..b.S
0040: 0C F6 AA 3C 76 A7 0A 00   0A 00 64 00 62 00 03 00  ...<v.....d.b...
0050: 06 00 63 01 00                                     ..c..
[EmbeddedTomcat] %% Created:  [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-29, SEND SSL v3.0 ALERT:  fatal, [EmbeddedTomcat] description = handshake_failure
[EmbeddedTomcat] Thread-29, WRITE:  SSL v3.0 Alert, length = 2
2001-06-06 07:15:39 - Ctx(  ): 400 R( /) null
2001-06-06 07:15:39 - Ctx(  ): IOException in: R( /) Socket closed
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




Am I missing something with the import?  If I delete and run -genkey again
it works OK again.  Just cannot get the import working.  Same result when
importing a Verisign test certificate.
Has anyone been able to import a certificate and get it to work?

Any help/suggestions much appreciated.

Regards
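
Added example (not part of the original posts): `keytool -export` writes only the certificate, so after `-delete` and `-import` the `tomcat` alias is a trusted-certificate entry with no private key, which is consistent with the missing "found key for : tomcat" line. The script below classifies an alias from `keytool -list` output; the two listings and the helper names `entry_type` and `has_server_key` are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `keytool -list` output and report what kind of entry an
# alias holds. Sample listings are constructed; fingerprints are omitted.

# entry_type ALIAS: reads a listing on stdin, prints the entry type of ALIAS.
# Summary lines look like "<alias>, <Mon D, YYYY>, <type>," so the type is
# the last non-empty comma-separated field.
entry_type() {
    awk -F', *' -v want="$1" '
        $1 == want {
            n = NF
            while (n > 1 && $n ~ /^[ \t]*$/) n--
            print $n; found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# has_server_key ALIAS: succeeds only when the alias holds a private key
# ("keyEntry" in older JDKs, "PrivateKeyEntry" in newer ones).
has_server_key() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed listing after: keytool -genkey -alias tomcat -keyalg RSA
AFTER_GENKEY='Keystore type: jks
Your keystore contains 1 entry

tomcat, Jun 6, 2001, keyEntry,
Certificate fingerprint (MD5): (omitted in this constructed sample)'

# Constructed listing after: -export, -delete, then -import of export.cert
AFTER_IMPORT='Keystore type: jks
Your keystore contains 1 entry

tomcat, Jun 6, 2001, trustedCertEntry,
Certificate fingerprint (MD5): (omitted in this constructed sample)'

for listing in "$AFTER_GENKEY" "$AFTER_IMPORT"; do
    if printf '%s\n' "$listing" | has_server_key tomcat; then
        echo "tomcat: private key present, usable as the server key"
    else
        echo "tomcat: $(printf '%s\n' "$listing" | entry_type tomcat), no private key"
    fi
done
```

Against a real keystore, pipe the output of `keytool -list` into `has_server_key tomcat` before restarting Tomcat.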





Re: SSL - keytool import problem -more

Posted by Carl Yau <ca...@technoworks.net>.
I think it's a bug pending a fix, as I have seen the problem being 
posted repeatedly for months and no one has a concrete solution, at 
least, not found in this mailing list.

Carl

mlecza@amsnet.com wrote:
> 
> I also noticed that when Tomcat is starting I see the following line when
> using the -genkey key:
> 
> found key for : tomcat
> 
> When starting Tomcat using the imported key this line does not appear.
> 
> Regards
> 
> 
> From:     mlecza@amsnet.com
> To:       tomcat-user@jakarta.apache.org
> cc:
> Date:     06/06/2001 07:30 AM
> Subject:  SSL - keytool import problem
> Please respond to tomcat-user
> 
> 
> 
> Playing around with Tomcat/SSL (no apache) and am having a problem hitting
> a secure page if the certificate was imported.  At first I thought it was a
> problem with the Verisign test certificate but if I create a key with
> -genkey (which works fine), export it, then import it I have a problem
> hitting the secure page.
> 
> Here is the series of events to duplicate:
> 
> - Create the key: keytool -genkey -alias tomcat -keyalg RSA
> - Start Tomcat and test SSL by hitting https://localhost:8443 (page loads
> fine)
> 
> - Export the generated key: keytool -export -v -file export.cert -alias
> tomcat
> - Delete the existing key: keytool -delete -alias tomcat
> - Import the key: keytool -import -v -trustcacerts -file export.cert -alias
> tomcat
> - Restart Tomcat
> - Test hitting same SSL page:  Page doesn't come up.  With debugs turned on
> I see the following handshake error in the console:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> [EmbeddedTomcat] Thread-29, READ:  SSL v3.0 Handshake, length = 85
> [EmbeddedTomcat] *** ClientHello, v3.0
> RandomCookie:  GMT: 893495682 bytes = { 102, 116, 141, 221, 165, 181, 15, 239, 0, 124, 42, 42, 154, 126, 160, 241, 45, 203, 148, 236, 162, 155, 198, 169, 9, 194, 82, 45[EmbeddedTomcat]  }
> Session ID:  [EmbeddedTomcat] {59, 30, 11, 188, 5, 132, 214, 51, 19, 148, 194, 181, 128, 47, 236, 94, 112, 99, 131, 88, 222, 2, 98, 172, 83, 12, 246, 170, 60, 118, 167, 10}
> Cipher Suites:  { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99[EmbeddedTomcat]  }
> Compression Methods:  { 0[EmbeddedTomcat]  }
> [EmbeddedTomcat] ***
> [EmbeddedTomcat] [read] MD5 and SHA1 hashes:  len = 85
> 0000: 01 00 00 51 03 00 35 42   AA 82 66 74 8D DD A5 B5  ...Q..5B..ft....
> 0010: 0F EF 00 7C 2A 2A 9A 7E   A0 F1 2D CB 94 EC A2 9B  ....**....-.....
> 0020: C6 A9 09 C2 52 2D 20 3B   1E 0B BC 05 84 D6 33 13  ....R- ;......3.
> 0030: 94 C2 B5 80 2F EC 5E 70   63 83 58 DE 02 62 AC 53  ..../.^pc.X..b.S
> 0040: 0C F6 AA 3C 76 A7 0A 00   0A 00 64 00 62 00 03 00  ...<v.....d.b...
> 0050: 06 00 63 01 00                                     ..c..
> [EmbeddedTomcat] %% Created:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> Thread-29, SEND SSL v3.0 ALERT:  fatal, [EmbeddedTomcat] description = handshake_failure
> [EmbeddedTomcat] Thread-29, WRITE:  SSL v3.0 Alert, length = 2
> 2001-06-06 07:15:39 - Ctx(  ): 400 R( /) null
> 2001-06-06 07:15:39 - Ctx(  ): IOException in: R( /) Socket closed
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Am I missing something with the import?  If I delete and run -genkey again
> it works OK again.  Just cannot get the import working.  Same result when
> importing a Verisign test certificate.
> Has anyone been able to import a certificate and get it to work?
> 
> Any help/suggestions much appreciated.
> 
> Regards