After following the docs to generate self-signed pkcs12 key, I failed to import the key/certificate into my application with No password given for keystore, integrity will not be verified. What does the reason cause this error?
I read some docs which ask to create an empty Java keystore and convert PEM formatted key to PKCS8 format. Why do I need to create an empty keystore? Thanks, Lisa ---- Original message ---- >Date: Fri, 10 Aug 2007 18:25:56 -0700 >From: "Bill Barker" <[EMAIL PROTECTED]> >Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS >To: users@tomcat.apache.org > > >"Lisa Tan" <[EMAIL PROTECTED]> wrote in message >news:[EMAIL PROTECTED] >>I don't know if this is a right list to ask this question. I tried to >> configure shibboleth which uses Tomcat with CAS authentication. I received >> an error: Unable to validate ProxyTicketValidator >> >> >> >> I did google search on this topic and understood the reason causing this >> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since >> I >> am still in the testing stage, I can't get a CA certificate but the >> self-signed certificate. >> >> >> >> If my understanding is correct, the self signed certificate via openssl >> doesn't have jks format but Tomcat JVM only accept jks format certificate. >> > >If you had read the friendly manual at >http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that >this isn't true :). While it talks about the keystore, the truststore works >the same way. So use openssl to create a pkcs12 file, specify this as the >truststore, in whatever way you need to do from the CAS docs, and you should >be good to go. >> >> >> I am just wondering if any one can give me some instruction how to create >> a >> self-signed certificate and private key which can be used or imported to >> both Tomcat JVM and CAS server. >> >> >> >> Thanks, >> >> >> >> Lisa >> >> >> >> >> >> > > > > >--------------------------------------------------------------------- >To start a new topic, e-mail: users@tomcat.apache.org >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
