On 25/05/2010 14:00, Gustavo Mauro wrote:
> 
>     Hello all,
>     I am currently deploying a solution (B.O. Server) that uses both IIS 6 
> and Tomcat 5; this last one just as a servlet handler.
>     This web site though must be secure and reached only via HTTPS (tcp 
> 443/8443).
>     The SSL certificate was generated for IIS and, using its tools, exported 
> as a PKCS12 key file to be used on Tomcat. However, the keystore is not being 
> recognized and I am somehow clueless on what to do to fix the problem.

So is IIS handling the SSL or is Tomcat?  If it's the latter, have you
read the following instructions?

 http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

> What I did: 
> 1) from IIS Management Console, I exported the already installed and working 
> certificate to a *.pfx file.
> 2) edited tomcat's server.xml file as below:
> 
> <Connector port="8443" 
> maxThreads="150" 
> minSpareThreads="25" 
> maxSpareThreads="75"
> enableLookups="false" 
> disableUploadTimeout="true"
> acceptCount="100" 
> debug="1" 
> scheme="https" 
> secure="true"
> clientAuth="false" 
> sslProtocol="TLS" 
> keystoretype="PKCS12"
> keystoreFile="e:\bo01_w3svc1_cert.pfx"
> keystorePass="password" /> 

A KeyStore is not a certificate file.  See the above link for more
information.


p


> 3) started both IIS 6 and Tomcat 5 (installed by BOE)
> 
> 4) IIS works fine, while Tomcat throws me the error below:
> May 20, 2010 4:15:36 PM org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> May 20, 2010 4:15:36 PM org.apache.coyote.http11.Http11Protocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: Invalid keystore format
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:629)
> at java.security.KeyStore.load(KeyStore.java:652)
> at 
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
> at 
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:220)
> at 
> org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
> at 
> org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
> at 
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
> at 
> org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
> at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:137)
> at 
> org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1429)
> at 
> org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
> at 
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> 
> I searched the net for advice, but none of the posts successfully solved the 
> problem.
> 
> Does anyone know what may be going on here?
> 
> Thanks,
> 
> Gustavo. 
> 


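An added diagnostic example, not part of the original thread: the stack trace shows the file being read by `sun.security.provider.JavaKeyStore`, the JKS loader, so this sketch compares the keystore type a Connector declares with what the file's leading bytes indicate, and flags keystore attributes whose spelling differs only in case from the documented names. The function names are hypothetical, the PFX header bytes are constructed, and the leading-byte check is a heuristic (any DER file starts with `0x30`).

```python
import xml.etree.ElementTree as ET

# Attribute spellings as documented for the Connector's JSSE keystore settings.
DOCUMENTED = ("keystoreFile", "keystorePass", "keystoreType")

def sniff_keystore(head: bytes) -> str:
    """Guess the container format from the first bytes of a keystore file."""
    if head[:4] == b"\xfe\xed\xfe\xed":
        return "JKS"
    if head[:4] == b"\xce\xce\xce\xce":
        return "JCEKS"
    if head[:1] == b"\x30":  # DER SEQUENCE, as in a PKCS#12 PFX (.pfx/.p12)
        return "PKCS12"
    if head.startswith(b"-----BEGIN"):
        return "PEM"
    return "unknown"

def lint_connector(xml_text: str, file_head: bytes) -> list:
    """Return findings for one <Connector/> element and its keystore file."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    by_lower = {d.lower(): d for d in DOCUMENTED}
    for name in attrs:
        want = by_lower.get(name.lower())
        if want and name != want:
            findings.append(f"attribute '{name}' is documented as '{want}'")
    declared = attrs.get("keystoreType", "JKS").upper()  # documented default: JKS
    actual = sniff_keystore(file_head)
    if actual != declared:
        findings.append(f"file looks like {actual}, keystoreType in effect is {declared}")
    return findings

# Constructed sample: first bytes of a DER-encoded PFX (SEQUENCE, version 3).
PFX_HEAD = bytes.fromhex("308209a6020103")
# Keystore attributes as posted in the thread (other attributes omitted).
POSTED = r'''<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
  keystoretype="PKCS12" keystoreFile="e:\bo01_w3svc1_cert.pfx" keystorePass="password" />'''
CORRECTED_CASE = POSTED.replace("keystoretype", "keystoreType")

if __name__ == "__main__":
    for label, xml_text in (("posted", POSTED), ("corrected case", CORRECTED_CASE)):
        print(label, lint_connector(xml_text, PFX_HEAD))
```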