On 27/10/2012 11:22 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com> wrote: > > Is it enough with putting a line into this file like this?: > > 192.168.30.73 logangha > > Where 192.168.30.73 is my IP >
192.168.30.73 logangha THE-DOMAIN-NAME-FROM-THE-CERTIFICATE This should work.eg: 192.168.30.73 logangha mydomai.com And access with: http://mydomain.com > ----- Original Message ----- > From: "Gabriel Huerta Araujo" <huert...@hildebrando.com> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Friday, October 26, 2012 7:15:26 PM > Subject: Re: Implementing SSL and error invocating > https://localhost:8443/(Tomcat 7.0 on Windows 7) > > This is my hosts file's content: > > 10.254.5.1 sigcbd01 #10.192.19.1 sigc > 10.254.4.63 sdswbd01 #10.192.17.66 sadigeo > 10.254.2.248 nsisba01 > > None of these IP's is my domain. How do I configure dns resolution for such name on my computer to point to > the ip of my laptop? As I am testing I am using my laptop with Windows 7 installed. > > Regards. > > ----- Original Message ----- > From: "Igor Cicimov" <icici...@gmail.com> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Friday, October 26, 2012 6:21:49 PM > Subject: Re: Implementing SSL and error invocating > https://localhost:8443/(Tomcat 7.0 on Windows 7) > > On 27/10/2012 10:09 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com> > wrote: > > > > I used logangha(which is my computer name) instead of localhost but again > I had to click the Information bar to display the content (not recommended). > > > > So you got the cert for logangha??? Again, you should match the name of the > domain you got the certificate for not the server name. Meaning you need > dns resolution for that name on your server or local network to point to > the ip of the server. Thats easy done in linux by editing the /etc/hosts > file, not sure about windows. Google is your friend i think there should be > simmilar file too. > > > > > Regards. > > > > ----- Original Message ----- > > From: "Igor Cicimov" <icici...@gmail.com> > > To: "Tomcat Users List" <users@tomcat.apache.org> > > Sent: Friday, October 26, 2012 5:41:59 PM > > Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) > > > > On 27/10/2012 9:37 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com > > > wrote: > > > > > > I have followed below steps: > > > > > > 1.- Erase keytore > > > keytool -delete -keystore .keystore -storepass x_men_gha > > > > > > 2.- List to verify if it has been deleted. > > > keytool -list -storepass x_men_gha > > > Tipo de almacÚn de claves: JKS > > > Proveedor de almacÚn de claves: SUN > > > > > > Su almacÚn de claves contiene 0 entradas > > > > > > 3.- Create as stated: > > > keytool -genkey -alias tomcat -keyalg RSA > > > Escriba la contrase±a del almacÚn de claves: > > > La contrase±a del almacÚn de claves es demasiado corta, debe tener al > > menos 6 ca > > > racteres > > > Escriba la contrase±a del almacÚn de claves: > > > ┐Cußles son su nombre y su apellido? > > > [Unknown]: Gabriel Huerta > > > ┐Cußl es el nombre de su unidad de organizaci¾n? > > > [Unknown]: Desarrollo > > > ┐Cußl es el nombre de su organizaci¾n? > > > [Unknown]: Hildebrando > > > ┐Cußl es el nombre de su ciudad o localidad? > > > [Unknown]: Queretaro > > > ┐Cußl es el nombre de su estado o provincia? > > > [Unknown]: Santiago > > > ┐Cußl es el c¾digo de paÝs de dos letras de la unidad? > > > [Unknown]: MX > > > ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, > > L=Queretaro, ST=Sa > > > ntiago, C=MX? > > > [no]: y > > > > > > Escriba la contrase±a clave para <tomcat> > > > (INTRO si es la misma contrase±a que la del almacÚn de claves): > > > > > > > > > 4.- List to verify it: > > > C:\Users\Gabriel Huerta>keytool -list > > > Escriba la contrase±a del almacÚn de claves: > > > > > > Tipo de almacÚn de claves: JKS > > > Proveedor de almacÚn de claves: SUN > > > > > > Su almacÚn de claves contiene entrada 1 > > > > > > tomcat, 26/10/2012, PrivateKeyEntry, > > > Huella digital de certificado (MD5): > > 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14 > > > > > > > > > 5.- Import certificate as stated for Tomcat documentation: > > > For Verisign.com trial certificates go to: > > > http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html > > > > > > Once there I followed instructions where says "Click here to go to the > > Installation Instructions", basically I copied below message and pasted it > > into a file named certif.cer: > > > -----BEGIN CERTIFICATE----- > > > MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB > > > jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL > > > EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV > > > BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X > > > DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw > > > FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z > > > ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh > > > bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD > > > ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq > > > ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1 > > > qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV > > > fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO > > > EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL > > > o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB > > > Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw > > > VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ > > > LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E > > > FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C > > > 0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt > > > ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs > > > n4EZcpspiep9LFc/hu4FE8SsY6MiasHR2Ay97UsC9A3S7ZaoHfdwyhtcINXCu2lX > > > W0Gpi3vzWRvwqgua6dm2WVKJfvPfmS1mAP0YmTcIwjdiNXiU6sSsJEoNlTR9zCoo > > > 4oKQ8wVoWZpbuPZb5geszhS7YsABUPIAAfF1YQCiMULtpa6HFzzm7sdf72N3HfwE > > > aQNg95KnKGrrDUI= > > > -----END CERTIFICATE----- > > > > > > Below are all instructions stated for this place which I have follwed: > > > > > > Installation Instructions > > > For Microsoft Browsers > > > > > > 1.Click on the "Secure Site Trial Root Certificate" link above. > > > 2.Save the certificate into a file with a .cer extension. > > > 3.Open a Microsoft IE Browser. > > > 4.Go to Tools > Internet Options > Content > Certificates > > > 5.Click Import. A certificate manager Import Wizard will appear. Click > > Next. > > > 6.Browse to the location of the recently stored root (done in step 2). > > Select ALL files for file type. > > > 7.Select the certificate and click Open. > > > 8.Click Next. > > > 9.Select "Automatically select the certificate store based on the type > of > > the certificate". Click Ok. > > > 10.Click Next then Finish. > > > 11.When prompted and asked if you wish to add the following certificate > > to the root store, click Yes. > > > > > > For last step I was not asked to add trial certificate to the root > store. > > > > > > > > > I did not do below steps(stated from Tomcat documentation), because > these > > ones require keystore file: > > > > > > "Import the Chain Certificate into your keystore > > > > > > keytool -import -alias root -keystore <your_keystore_filename> \ > > > -trustcacerts -file <filename_of_the_chain_certificate> > > > > > > > > > And finally import your new Certificate > > > > > > keytool -import -alias tomcat -keystore <your_keystore_filename> \ > > > -file <your_certificate_filename>" > > > > > > > > > > > > 6.- Restart tomcat: It did not generate any error, but when I open IE > > with link https://localhost:8443/ > > > appears below message: > > > > > > There is a problem with the security certificate for this site > > > Go to this website (not recommended). > > > > > > When I clicked on this message (Go to this website (not recommended), it > > is showed Tomcat page but in the IE's toolbar > > > indicates "Certificate Error". My question here is how do I disappear > > this annoying indication?. > > > > > > > Use the server name you got the certificate for in the link instead of > > localhost. > > > > > > > > Regards > > > > > > ----- Original Message ----- > > > From: "Christopher Schultz" <ch...@christopherschultz.net> > > > To: "Tomcat Users List" <users@tomcat.apache.org> > > > Sent: Friday, October 26, 2012 2:29:28 PM > > > Subject: Re: Implementing SSL and error invocating > https://localhost:8443/(Tomcat 7.0 on Windows 7) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Gabriel, > > > > > > On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote: > > > > Regarding password I run keytool indicating my password which is > > > > the same as the indicated in my connector section: > > > > > > > > keytool -list -keystore .keystore -storepass x_men_gha Tipo de > > > > almacén de claves: JKS Proveedor de almacén de claves: SUN > > > > > > > > Su almacén de claves contiene 2 entradas > > > > > > > > root, 24/10/2012, trustedCertEntry, Huella digital de certificado > > > > (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, > > > > 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): > > > > E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 > > > > > > I don't usually use keystores... do the "root" and "tomcat" strings in > > > there indicate the "alias" for each entry? > > > > > > Hmm... when I create a keystore like this: > > > > > > $ keytool -genkey -alias tomcat -keyalg RSA > > > > > > $ keytool -list > > > Keystore type: JKS > > > Keystore provider: SUN > > > > > > Your keystore contains 1 entry > > > > > > tomcat, Oct 26, 2012, PrivateKeyEntry, > > > Certificate fingerprint (SHA1): > > > C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8 > > > > > > Note the "PrivateKeyEntry" in there: you need to have the > > > certificate's private key available in order to unlock the > > > certificate. Can you try re-creating your keystore and posting all the > > > commands you use? > > > > > > - -chris > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > > > Comment: GPGTools - http://gpgtools.org > > > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > > > > > iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9 > > > cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB > > > =9CMe > > > -----END PGP SIGNATURE----- > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
