Piotr,

On 6/28/2011 9:28 AM, Piotr Pawlowski wrote:
> Since yesterday I am trying to install certificate under Tomcat
> (7.0.16) without luck.

Which <Connector>? SSL configuration is different when using APR's SSL
engine.

> I received from my client three files: wildcard certificate (cert.crt), key
> file (cert.key) and something that is not quite clear to me - cabundle.pem.

That's the Certificate Authority's (CA) bundle file, including all
public certs that the (web) client might need in order to build a chain
of trust from the built-in root certs shipping with the browser to the
certificate issued to your (business) client. It's in PEM format
(http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT).

> I've successfully used some java script ( 
> http://www.startux.de/images/phocadownload/importkey.java ) which
> imports key and cert to one keystore file

You could also use keytool, which comes with the JRE and which fits that
exact purpose. The above is not java script (whatever that is), it's
just Java.

> [I] configured server.xml to use it

How?

> but now I receive error "sec_error_bad_signature".

Client side or server side?

> I am not sure if I did it correctly.

So, tell us what you did and maybe we can find the problem: what does
your <Connector> definition look like in conf/server.xml? Remember to
remove any passwords from it before you post. Also, give us the paths to
all files you have on the disk to support the SSL configuration (key
store, cert store, etc.).

> Does anybody know how to correctly use existing wildcard cert, key
> file and this cabundle.pem together with Tomcat 7.0.16 ?

I haven't used a wildcard cert before, but I suspect that the
configuration is identical to that of a non-wildcard cert, since it's
the (web) client that decides whether or not the cert is valid, not the
server.

-chris
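
A pre-import sanity check for a bundle like the cabundle.pem discussed above, as an added example that is not part of the original message: it splits the file into PEM blocks and flags private keys, non-certificate blocks, invalid base64 and duplicates. The function names and sample data are constructed for illustration; fingerprints are SHA-256 over the decoded bytes, and no X.509 parsing or signature verification is attempted.

```python
import base64
import hashlib
import re

# PEM textual framing: -----BEGIN label----- base64 body -----END label-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.DOTALL)

def inspect_bundle(pem_text):
    """Return (entries, problems) for a CA bundle (hypothetical helper).

    entries:  (label, sha256 hex of decoded bytes) for each unique certificate
    problems: findings to resolve before importing into a keystore
    """
    entries, problems, seen = [], [], set()
    for n, m in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        begin, body, end = m.groups()
        if begin != end:
            problems.append(f"block {n}: BEGIN {begin} closed by END {end}")
        elif "PRIVATE KEY" in begin:
            # A CA bundle should contain public certificates only.
            problems.append(f"block {n}: private key material in bundle")
        elif begin != "CERTIFICATE":
            problems.append(f"block {n}: unexpected block type {begin}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"block {n}: body is not valid base64")
                continue
            fp = hashlib.sha256(der).hexdigest()
            if fp in seen:
                problems.append(f"block {n}: duplicate of an earlier certificate")
            else:
                seen.add(fp)
                entries.append((begin, fp))
    if not entries and not problems:
        problems.append("no PEM blocks found (is the file DER-encoded?)")
    return entries, problems

def _pem(label, data):
    # Builds the constructed sample only: wraps bytes in PEM framing.
    return f"-----BEGIN {label}-----\n{base64.encodebytes(data).decode()}-----END {label}-----\n"

# Constructed sample: placeholder bytes, not real certificates or keys.
SAMPLE = (_pem("CERTIFICATE", b"placeholder intermediate CA")
          + _pem("CERTIFICATE", b"placeholder root CA")
          + _pem("CERTIFICATE", b"placeholder intermediate CA")  # duplicate
          + _pem("RSA PRIVATE KEY", b"placeholder key bytes"))   # must not be here

if __name__ == "__main__":
    for line in inspect_bundle(SAMPLE):
        print(line)
```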