Rudi, Sorry I do not have any experience with keystores. The list traffic is pretty slow, so you are unlikely (not impossible) to get an answer before Monday. HTH - Richard
-----Original Message----- From: Raueber Hotzenplotz [mailto:[EMAIL PROTECTED] Sent: Sunday, October 23, 2005 7:21 AM To: Tomcat Users List Subject: Re: KeyStore question Here is the link to the source code files: http://stud4.tuwien.ac.at/~e9726342/ --- Raueber Hotzenplotz <[EMAIL PROTECTED]> wrote: > Hi all > > I still want to use Tomcat with SSL (still not working). I've got a > servlet that acts as a CA. > > 1. Question(s): > Should I have separate keystores (JKS) for the web application and the > Tomcat server? Where do you usually place the Tomcat keystore? At the > moment I'm including the web application keystore in the war file and > have the Tomcat keystore stored somewhere else. > > 2. Question(s): > If I want to use SSL I don't need to change an existing servlet - > Tomcat handles secure requests. Is that correct? My problem is, web > browsers accept my selfsigned certificates (https://localhost:8443) > (after I tell them to do so), but as soon as I make a secure xmlrpc > call to my servlet, I get SSLHandshakeExeptions. Secure xmlrpc calls > between two clients > (SecureWebServer/SecureXmlRpcClient) work. I've got my own 'open' > trustmanager > and hostnameverifier (see attached code). The only thing I changed was > the server.xml file (now includes keystore/password for Tomcat > server). Are there any other things? I also tried to add my selfsigned > certificate to $JAVA_HOME/jre/lib/security/cacerts, but that didn't help either. > > 3. Question(s): > I've already asked in other places, but I still can't make it work. I > would be a very happy person, if someone could post a complete client > + server code using SSL preferably xmlrpc using javax.net.ssl instead > of com.net.ssl (that's a bit off topic). Do I need to implement my own > trustmanager/hostnameverifier on both sides client and server or just > on the client side? > > Thanks!! > > Rudi > > > > > > > > > ___________________________________________________________ > Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with > voicemail http://uk.messenger.yahoo.com > > -------------------------------------------------------------------- > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] ___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]