-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Piotr,
On 6/28/2011 9:28 AM, Piotr Pawlowski wrote: > Since yesterday I am trying to install to install certificate under Tomcat > (7.0.16) without luck. Which <Connector>? SSL configuration is different when using APR's SSL engine. > I received from my client three files: wildcard certificate (cert.crt) , key > file (cert.key) and something what is not quite clear for me - cabundle.pem. That's the Certificate Authority's (CA) bundle file, including all public certs that the (web) client might need in order to build a chain of trust from the built-in root certs shipping with the browser to the certificate issued to your (business) client. It's in PEM format (http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT). > I've successfully used some java script ( > http://www.startux.de/images/phocadownload/importkey.java ) which > imports key and cert to one keystore file You could also use keytool, which comes with the JRE and which fits that exact purpose. The above is not java script (whatever that is), it's just Java. > [I] configured server.xml to use it How? > but now I receive error *"sec_error_bad_signature". Client side or server side? > I am not sure if I did it correctly. So, tell us what you did and maybe we can find the problem: what does your <Connector> definition look like in conf/server.xml? Remember to remove any passwords from it before you post. Also, give us the paths to all files you have on the disk to support the SSL configuration (key store, cert store, etc.). > Does anybody know how to correctly use existing wildcard cert, key > file ant this cabundle.pem together with Tomcat 7.0.16 ? I haven't used a wildcard cert before, but I suspect that the configuration is identical to that of a non-wildcard cert, since it's the (web) client that decides whether or not the cert is valid, not the server. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4J7/AACgkQ9CaO5/Lv0PD/QwCggnxm3ZjfU+7Xk3yIL5XJ3C3O hMwAoIKNLqtEppI910PS53OrEUiK8x1z =QdSc -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
