Rudi,
Sorry I do not have any experience with keystores. The list traffic is
pretty slow, so you are unlikely (not impossible) to get an answer before
Monday. 
HTH - Richard

-----Original Message-----
From: Raueber Hotzenplotz [mailto:[EMAIL PROTECTED] 
Sent: Sunday, October 23, 2005 7:21 AM
To: Tomcat Users List
Subject: Re: KeyStore question

Here is the link to the source code files:
http://stud4.tuwien.ac.at/~e9726342/


--- Raueber Hotzenplotz <[EMAIL PROTECTED]> wrote:

> Hi all
> 
> I still want to use Tomcat with SSL (still not working). I've got a 
> servlet that acts as a CA.
> 
> 1. Question(s):
> Should I have separate keystores (JKS) for the web application and the 
> Tomcat server? Where do you usually place the Tomcat keystore? At the 
> moment I'm including the web application keystore in the war file and 
> have the Tomcat keystore stored somewhere else.
> 
> 2. Question(s):
> If I want to use SSL I don't need to change an existing servlet - 
> Tomcat handles secure requests. Is that correct? My problem is, web 
> browsers accept my selfsigned certificates (https://localhost:8443) 
> (after I tell them to do so), but as soon as I make a secure xmlrpc 
> call to my servlet, I get SSLHandshakeExeptions. Secure xmlrpc calls 
> between two clients
> (SecureWebServer/SecureXmlRpcClient) work. I've got my own 'open'
> trustmanager
> and hostnameverifier (see attached code). The only thing I changed was 
> the server.xml file (now includes keystore/password for Tomcat 
> server). Are there any other things? I also tried to add my selfsigned 
> certificate to $JAVA_HOME/jre/lib/security/cacerts, but that didn't help
either.
> 
> 3. Question(s):
> I've already asked in other places, but I still can't make it work. I 
> would be a very happy person, if someone could post a complete client 
> + server code using SSL preferably xmlrpc using javax.net.ssl instead 
> of com.net.ssl (that's a bit off topic). Do I need to implement my own 
> trustmanager/hostnameverifier on both sides client and server or just 
> on the client side?
> 
> Thanks!!
> 
> Rudi
> 
> 
> 
> 
> 
>       
>       
>               
> ___________________________________________________________
> Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with 
> voicemail http://uk.messenger.yahoo.com
> > --------------------------------------------------------------------
> > -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]



                
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to