I have done the following... (I am running Tomcat 5 on a Windows 2003 Server)
- Recreated the .keystore many different times trying to get one to work...
- Tried different aliases with my domain crt (does the alias matter?)
- Installed the crts in Windows and everything shows fine there when viewing the crt.
- Set my config in the server.xml (I have tried SSL and TLS):

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="443" maxHttpHeaderSize="8192" address="192.168.1.190"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="tomcat.keystore" keystorePass="changeit"/>

- Imported the certificates into my keystore in the following order: root, intermed, tomcat.

C:\Program Files\Java\jdk1.5.0_05\bin>keytool -list -keystore tomcat.keystore
Enter keystore password: changeit

Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

root, Nov 13, 2006, trustedCertEntry,
Certificate fingerprint (MD5): A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
tomcat, Nov 13, 2006, trustedCertEntry,
Certificate fingerprint (MD5): 73:EA:94:A1:38:C8:9A:5D:65:44:7C:C7:65:A7:01:5F
intermed, Nov 13, 2006, trustedCertEntry,
Certificate fingerprint (MD5): 7A:A5:BA:4F:BC:0A:C5:3C:56:E9:50:A0:13:6A:88:A9

C:\Program Files\Java\jdk1.5.0_05\bin>

- When I installed the root crt it said that there was already a system wide root crt installed, do I want to continue to import it into the keystore and I said 'yes'.
- All I get is a 'Page cannot be displayed' when trying to access the browser 'https:'
- If I create a keystore without importing the real crt, then it works, but just says that the crt it to trusted.

What am I missing? I can't get it to work...

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Saravana Kumar
Sent: Wednesday, November 15, 2006 5:07 AM
To: users@tomcat.apache.org
Subject: Re: Need help w/ installing certificate continued...

Andy Tipton wrote:
> I have read all through the documentation and can't find what I am doing
> wrong. The only thing that I didn't do was the importing of the
> valicert_class2_root.crt file because I wasn't given one when I downloaded
> my certificate. I imported the real one after I imported the intermediate
> crt.

Did you get any error during this step, i.e., importing intermediate crt after root?

> So now I have this:
>
> C:\Program Files\Java\jdk1.5.0_05\bin>keytool -list -keystore .keystore
> Enter keystore password: changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> tomcat5, Nov 13, 2006, trustedCertEntry,
> Certificate fingerprint (MD5): 73:EA:94:A1:38:C8:9A:5D:65:44:7C:C7:65:A7:01:5F
> intermed, Nov 13, 2006, trustedCertEntry,
> Certificate fingerprint (MD5): 7A:A5:BA:4F:BC:0A:C5:3C:56:E9:50:A0:13:6A:88:A9
>
> C:\Program Files\Java\jdk1.5.0_05\bin>
>
> Could it have to do with the alias? I can't figure out what it could
> be.

I am not sure whether this could be a problem with the alias.

> I just get a 'page cannot be displayed' when trying to access it. I have
> been reading, but can't find anywhere that really explains how the
> keystore and certificate relate to each other. if the alias matters.
>
> I really need some help here.

Below are the steps I did on one of my Linux boxes (must work in Windows too).

First I generated tomcat.key & CSR with:

$ keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.key
$ keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.key

Got the certs from our CA (files sf_issuing.crt & _mydomain.crt).
Copied the CA's intermediate cert to valicert_class2_root.crt.

First import the CA's intermediate certificate to root, like this:

$ keytool -import -alias root -keystore tomcat.key -trustcacerts -file valicert_class2_root.crt

Then import issuing cert to intermed:

$ keytool -import -alias intermed -keystore tomcat.key -trustcacerts -file sf_issuing.crt

Last is to import your domain's cert to tomcat alias:

$ keytool -import -alias tomcat -keystore tomcat.key -trustcacerts -file _mydomain.crt

The above steps worked perfectly for me. I had to just point the correct key file in server.xml and https started working.

Let me know if that helped you out.

Regds,
SK

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
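
Added example, not written by anyone in this thread: both keystore listings above show every entry as trustedCertEntry, whereas the steps in the reply import the signed certificate under the alias that -genkey created in the same keystore, which leaves that alias as a key entry. The Python sketch below parses `keytool -list` output and reports a keystore that holds no private key entry; the function names and the second listing are constructed for illustration.

```python
import re

# Matches an entry line of `keytool -list`, e.g.
#   tomcat, Nov 13, 2006, trustedCertEntry,
# JDK 1.5 prints "keyEntry" for a private key; later JDKs print "PrivateKeyEntry".
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+),\s.*?,\s*(?P<type>\w+Entry)\b")
KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}

def parse_listing(text):
    """Return {alias: entry_type} parsed from `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").strip()] = m.group("type")
    return entries

def check_server_keystore(text, alias="tomcat"):
    """List reasons this keystore cannot back an HTTPS connector (empty = OK)."""
    entries = parse_listing(text)
    problems = []
    if not any(t in KEY_TYPES for t in entries.values()):
        problems.append("no private key entry; only trusted certificates present")
    if entries.get(alias) not in KEY_TYPES:
        found = entries.get(alias, "missing")
        problems.append("alias %r is %s, not a key entry" % (alias, found))
    return problems

# Entry lines as posted in the thread (fingerprint lines omitted).
THREAD_LISTING = """\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

root, Nov 13, 2006, trustedCertEntry,
tomcat, Nov 13, 2006, trustedCertEntry,
intermed, Nov 13, 2006, trustedCertEntry,
"""

# Constructed listing: same aliases, but "tomcat" was created by -genkey first.
CONSTRUCTED_OK = THREAD_LISTING.replace(
    "tomcat, Nov 13, 2006, trustedCertEntry", "tomcat, Nov 13, 2006, keyEntry")

if __name__ == "__main__":
    for name, listing in (("thread", THREAD_LISTING), ("constructed", CONSTRUCTED_OK)):
        print(name, parse_listing(listing), check_server_keystore(listing) or "OK")
```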