Re: Implementing SSL and error invocating https://localhost:8443/ (Tomcat 7.0 on Windows 7)

Sat, 27 Oct 2012 19:30:23 -0700 

I have reached IE accepts my certificate as a valid certificate but when I open 
IE with link https://localhost:8443/
appears below message:

        There is a problem with the security certificate for this site
        Go to this website (not recommended).

When I clicked on this message (Go to this website (not recommended), it is 
showed Tomcat page but in the IE's toolbar
indicates "Certificate Error" with red color. My question here is how do I 
disappear this annoying indication?. 


Regards

----- Original Message -----
From: "Igor Cicimov" <icici...@gmail.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2012 7:43:05 PM
Subject: Re: Implementing SSL and error invocating https://localhost:8443/ 
(Tomcat 7.0 on Windows 7)

On 27/10/2012 11:22 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com>
wrote:
>
> Is it enough with putting a line into this file like this?:
>
> 192.168.30.73 logangha
>
> Where 192.168.30.73 is my IP
>

192.168.30.73 logangha THE-DOMAIN-NAME-FROM-THE-CERTIFICATE

This should work.eg:

192.168.30.73 logangha mydomai.com

And access with:

http://mydomain.com

> ----- Original Message -----
> From: "Gabriel Huerta Araujo" <huert...@hildebrando.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Friday, October 26, 2012 7:15:26 PM
> Subject: Re: Implementing SSL and error invocating 
> https://localhost:8443/(Tomcat 7.0 on Windows 7)
>
> This is my hosts file's content:
>
> 10.254.5.1      sigcbd01    #10.192.19.1       sigc
> 10.254.4.63     sdswbd01    #10.192.17.66    sadigeo
> 10.254.2.248    nsisba01
>
> None of these IP's is my domain. How do I configure dns resolution for
such name on my computer to point to
> the ip of my laptop? As I am testing I am using my laptop with Windows 7
installed.
>
> Regards.
>
> ----- Original Message -----
> From: "Igor Cicimov" <icici...@gmail.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Friday, October 26, 2012 6:21:49 PM
> Subject: Re: Implementing SSL and error invocating 
> https://localhost:8443/(Tomcat 7.0 on Windows 7)
>
> On 27/10/2012 10:09 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com>
> wrote:
> >
> > I used logangha(which is my computer name) instead of localhost but
again
> I had to click the Information bar to display the content (not
recommended).
> >
>
> So you got the cert for logangha??? Again, you should match the name of
the
> domain you got the certificate for not the server name. Meaning you need
> dns resolution for that name on your server or local network to point to
> the ip of the server. Thats easy done in linux by editing the /etc/hosts
> file, not sure about windows. Google is your friend i think there should
be
> simmilar file too.
>
> >
> > Regards.
> >
> > ----- Original Message -----
> > From: "Igor Cicimov" <icici...@gmail.com>
> > To: "Tomcat Users List" <users@tomcat.apache.org>
> > Sent: Friday, October 26, 2012 5:41:59 PM
> > Subject: Re: Implementing SSL and error invocating
https://localhost:8443/(Tomcat 7.0 on Windows 7)
> >
> > On 27/10/2012 9:37 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com
>
> > wrote:
> > >
> > > I have followed below steps:
> > >
> > > 1.- Erase keytore
> > > keytool -delete -keystore .keystore -storepass x_men_gha
> > >
> > > 2.- List to verify if it has been deleted.
> > > keytool -list  -storepass x_men_gha
> > > Tipo de almacÚn de claves: JKS
> > > Proveedor de almacÚn de claves: SUN
> > >
> > > Su almacÚn de claves contiene 0 entradas
> > >
> > > 3.- Create as stated:
> > > keytool -genkey -alias tomcat -keyalg RSA
> > > Escriba la contrase±a del almacÚn de claves:
> > > La contrase±a del almacÚn de claves es demasiado corta, debe tener al
> > menos 6 ca
> > > racteres
> > > Escriba la contrase±a del almacÚn de claves:
> > > ┐Cußles son su nombre y su apellido?
> > >   [Unknown]:  Gabriel Huerta
> > > ┐Cußl es el nombre de su unidad de organizaci¾n?
> > >   [Unknown]:  Desarrollo
> > > ┐Cußl es el nombre de su organizaci¾n?
> > >   [Unknown]:  Hildebrando
> > > ┐Cußl es el nombre de su ciudad o localidad?
> > >   [Unknown]:  Queretaro
> > > ┐Cußl es el nombre de su estado o provincia?
> > >   [Unknown]:  Santiago
> > > ┐Cußl es el c¾digo de paÝs de dos letras de la unidad?
> > >   [Unknown]:  MX
> > > ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando,
> > L=Queretaro, ST=Sa
> > > ntiago, C=MX?
> > >   [no]:  y
> > >
> > > Escriba la contrase±a clave para <tomcat>
> > >         (INTRO si es la misma contrase±a que la del almacÚn de
claves):
> > >
> > >
> > > 4.- List to verify it:
> > > C:\Users\Gabriel Huerta>keytool -list
> > > Escriba la contrase±a del almacÚn de claves:
> > >
> > > Tipo de almacÚn de claves: JKS
> > > Proveedor de almacÚn de claves: SUN
> > >
> > > Su almacÚn de claves contiene entrada 1
> > >
> > > tomcat, 26/10/2012, PrivateKeyEntry,
> > > Huella digital de certificado (MD5):
> > 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14
> > >
> > >
> > > 5.- Import certificate as stated for Tomcat documentation:
> > >  For Verisign.com trial certificates go to:
> >
>
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html
> > >
> > > Once there I followed instructions where says "Click here to go to the
> > Installation Instructions", basically I copied below message and pasted
it
> > into a file named certif.cer:
> > > -----BEGIN CERTIFICATE-----
> > > MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB
> > > jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
> > > EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV
> > > BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X
> > > DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw
> > > FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z
> > > ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh
> > > bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD
> > > ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq
> > > ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1
> > > qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV
> > > fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO
> > > EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL
> > > o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB
> > > Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw
> > > VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ
> > > LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E
> > > FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C
> > > 0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt
> > > ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs
> > > n4EZcpspiep9LFc/hu4FE8SsY6MiasHR2Ay97UsC9A3S7ZaoHfdwyhtcINXCu2lX
> > > W0Gpi3vzWRvwqgua6dm2WVKJfvPfmS1mAP0YmTcIwjdiNXiU6sSsJEoNlTR9zCoo
> > > 4oKQ8wVoWZpbuPZb5geszhS7YsABUPIAAfF1YQCiMULtpa6HFzzm7sdf72N3HfwE
> > > aQNg95KnKGrrDUI=
> > > -----END CERTIFICATE-----
> > >
> > > Below are all instructions stated for this place which I have follwed:
> > >
> > > Installation Instructions
> > > For Microsoft Browsers
> > >
> > > 1.Click on the "Secure Site Trial Root Certificate" link above.
> > > 2.Save the certificate into a file with a .cer extension.
> > > 3.Open a Microsoft IE Browser.
> > > 4.Go to Tools > Internet Options > Content > Certificates
> > > 5.Click Import. A certificate manager Import Wizard will appear. Click
> > Next.
> > > 6.Browse to the location of the recently stored root (done in step 2).
> > Select ALL files for file type.
> > > 7.Select the certificate and click Open.
> > > 8.Click Next.
> > > 9.Select "Automatically select the certificate store based on the type
> of
> > the certificate". Click Ok.
> > > 10.Click Next then Finish.
> > > 11.When prompted and asked if you wish to add the following
certificate
> > to the root store, click Yes.
> > >
> > > For last step I was not asked to add trial certificate to the root
> store.
> > >
> > >
> > > I did not do below steps(stated from Tomcat documentation), because
> these
> > ones require keystore file:
> > >
> > > "Import the Chain Certificate into your keystore
> > >
> > >  keytool -import -alias root -keystore <your_keystore_filename> \
> > >     -trustcacerts -file <filename_of_the_chain_certificate>
> > >
> > >
> > > And finally import your new Certificate
> > >
> > >  keytool -import -alias tomcat -keystore <your_keystore_filename> \
> > >     -file <your_certificate_filename>"
> > >
> > >
> > >
> > > 6.- Restart tomcat: It did not generate any error, but when I open IE
> > with link https://localhost:8443/
> > > appears below message:
> > >
> > >         There is a problem with the security certificate for this site
> > >         Go to this website (not recommended).
> > >
> > > When I clicked on this message (Go to this website (not recommended),
it
> > is showed Tomcat page but in the IE's toolbar
> > > indicates "Certificate Error". My question here is how do I disappear
> > this annoying indication?.
> > >
> >
> > Use the server name you got the certificate for in the link instead of
> > localhost.
> >
> > >
> > > Regards
> > >
> > > ----- Original Message -----
> > > From: "Christopher Schultz" <ch...@christopherschultz.net>
> > > To: "Tomcat Users List" <users@tomcat.apache.org>
> > > Sent: Friday, October 26, 2012 2:29:28 PM
> > > Subject: Re: Implementing SSL and error invocating
> https://localhost:8443/(Tomcat 7.0 on Windows 7)
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Gabriel,
> > >
> > > On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote:
> > > > Regarding password I run keytool indicating my password which is
> > > > the same as the indicated in my connector section:
> > > >
> > > > keytool -list -keystore .keystore -storepass x_men_gha Tipo de
> > > > almacén de claves: JKS Proveedor de almacén de claves: SUN
> > > >
> > > > Su almacén de claves contiene 2 entradas
> > > >
> > > > root, 24/10/2012, trustedCertEntry, Huella digital de certificado
> > > > (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat,
> > > > 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5):
> > > > E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37
> > >
> > > I don't usually use keystores... do the "root" and "tomcat" strings in
> > > there indicate the "alias" for each entry?
> > >
> > > Hmm... when I create a keystore like this:
> > >
> > > $ keytool -genkey -alias tomcat -keyalg RSA
> > >
> > > $ keytool -list
> > > Keystore type: JKS
> > > Keystore provider: SUN
> > >
> > > Your keystore contains 1 entry
> > >
> > > tomcat, Oct 26, 2012, PrivateKeyEntry,
> > > Certificate fingerprint (SHA1):
> > > C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8
> > >
> > > Note the "PrivateKeyEntry" in there: you need to have the
> > > certificate's private key available in order to unlock the
> > > certificate. Can you try re-creating your keystore and posting all the
> > > commands you use?
> > >
> > > - -chris
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> > > Comment: GPGTools - http://gpgtools.org
> > > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> > >
> > > iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9
> > > cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB
> > > =9CMe
> > > -----END PGP SIGNATURE-----
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to