Re: ssl tomcat
The place to store the CA certificate(s?) with which you will validate your client certificates. Does not make sense without client certificate validation.

Antonio Fiol

secam secam wrote:
> Hi all,
>
> I'm new in tomcat. I attempt to use ssl with tomcat.
> Can anyone explain to me what the truststore and truststorepassword properties are?
>
> Thanks,
> Regards,
> Secam
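An added example, not written by any poster in this thread, for the trust store described in the reply above: a small Java program that lists the entries of a trust store and the CA names JSSE reports through `X509TrustManager.getAcceptedIssuers()`, that is, the issuers against which client certificates are validated. The class name `TrustStoreCheck` and its command-line arguments are assumptions; with no arguments it inspects the JVM's default trust store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name), not Tomcat code.
// Usage: java TrustStoreCheck [truststore-path [password]]
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = null; // null tells JSSE to use the JVM's default trust store
        if (args.length > 0) {
            // A null password skips the integrity check for JKS stores.
            char[] pw = args.length > 1 ? args[1].toCharArray() : null;
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw);
            }
            // Show the type of every entry, so a CA certificate that was never
            // imported as a trusted-certificate entry is easy to spot.
            for (String alias : Collections.list(ks.aliases())) {
                String kind = ks.isCertificateEntry(alias) ? "trusted certificate"
                            : ks.isKeyEntry(alias) ? "key entry" : "other";
                System.out.println(alias + ": " + kind);
            }
        }

        // Build the same kind of trust manager a JSSE server would use
        // and print the issuers it accepts for peer certificates.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                System.out.println(issuers.length + " accepted issuer(s):");
                for (X509Certificate c : issuers) {
                    System.out.println("  " + c.getSubjectX500Principal().getName());
                }
            }
        }
    }
}
```

If the CA that signed the client certificates is missing from the printed issuer list, client certificate validation against that store cannot succeed.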
Re: ssl tomcat
Hope this helps.

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

Antonio Fiol Bonnín wrote:
> The place to store the CA certificate(s?) with which you will validate your client certificates. Does not make sense without client certificate validation.
>
> Antonio Fiol
>
> secam secam wrote:
>> Hi all,
>>
>> I'm new in tomcat. I attempt to use ssl with tomcat.
>> Can anyone explain to me what the truststore and truststorepassword properties are?
>>
>> Thanks,
>> Regards,
>> Secam

--
Dwayne A. Ghant
Application Developer
Temple University
215.204. [EMAIL PROTECTED]
Re: SSL - Tomcat
If you want to verify the client's cert, then Kovi's answer is correct. However, it's not up to the server to decide if its own cert is OK: it's up to the client to decide that she trusts you. If your client is in Java, then you need to include the CA (aka Signer) cert in your app's TrustStore. Otherwise, you'll have to consult your software's documentation to find out where to put the CA cert so that the app will trust your cert.

J.W. Koelewijn [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Hello,
>
> First of all I want to excuse myself if this question was raised before, but I'm new on the mailing list.
>
> Now on to the question:
> I want to work with SSL on my tomcat, to protect the content sent to it and from it. By what I've read so far, I understand that SSL certificates are sent from the server to the client and the browser of the user will generate a popup giving the details of the certificate.
> My question now is, is it possible to just send and receive the certificate, and check in my servlet code whether the certificate is correct? So no confirmation of a user (which isn't there in my case, everything should be automated) is needed?
>
> Thanks in advance,
> J.W. Koelewijn
Re: SSL-Tomcat
Did you install JSSE?

Twan

----- Original Message -----
From: Pirti Andrea (SPES) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 3:26 PM
Subject: SSL-Tomcat

Hello everyone,
I have a problem with Tomcat 4.1.18 and jvm IBMJava2-141. I opened connector https, but during startup processing I have this exception:

java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:41)
    at java.lang.reflect.Method.invoke(Method.java:371)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Caused by: java.lang.NoClassDefFoundError: sun/security/provider/Sun
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:90)
    at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:452)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:133)
    at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1032)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2245)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:180)

How can I resolve this problem?
Thanks.
Re: SSL-Tomcat
Pirti Andrea (SPES) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Hello everyone,
> I have a problem with Tomcat 4.1.18 and jvm IBMJava2-141. I opened connector https, but during startup processing I have this exception:
>
> java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:41)
>     at java.lang.reflect.Method.invoke(Method.java:371)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
> Caused by: java.lang.NoClassDefFoundError: sun/security/provider/Sun
>     at org.apache.tomcat.util.net.jsse.JSSEImplementation.getServerSocketFactory(JSSEImplementation.java:90)
>     at org.apache.coyote.http11.Http11Protocol.checkSocketFactory(Http11Protocol.java:452)
>     at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:133)
>     at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1032)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2245)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
>     at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
>     at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
>
> How can I resolve this problem?

You have two choices:
1) Install Sun's jsse.jar (and friends) for the 1.3.x JVM.
2) Upgrade to 4.1.24 (or, better, 4.1.28) that properly handles IBM's version of JSSE.

> Thanks.
RE: SSL Tomcat problem
What is the password used for your CERT? It seems you have to use 'changeit' to get it to work.

-----Original Message-----
From: Sanjeev Rathore [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: SSL Tomcat problem

I would like to use secure connection with Tomcat. I have followed the instructions that were given on Apache website with respect to SSL and Tomcat connection. I have put in the three jar files (jcert.jar, jnet.jar, jsse.jar) in /usr/java/jdk1.3.1_01/jre/lib/ext and have edited the /etc/profile to make sure that the jar files can be picked up. My .keystore file is located in /usr/java/jdk1.3.1_01/jre/lib/ext.

I have edited the server.xml file to include SSL connection, but when I place keystoreFile='/usr/java/jdk1.3.1_01/jre/lib/ext inside Factory tag, the web browser seems to get stuck when it tries to search the web page http://localhost:8080 let alone trying to access secure connection. If I remove the keystoreFile='/usr/java/jdk1.3.1_01/jre/lib/ext from the Factory tag, then I am at least able to access http://localhost:8080 .

What would I have to do so that I can access secure connection?

Thanks,
Sanjeev Rathore
RE: SSL-tomcat probs
Hi,

finally another one with the same problem...
I have tomcat with ssl and certificates on 3 machines (2 desktops and 1 laptop all connected to the same network). The browser (NS) has certificates and works on all 3 machines.
I can connect from the desktops to tomcat on the laptop and it finds the cert.
I can connect from the laptop to the tomcats on the desktops and it finds the cert.
BUT I cannot connect from the laptop to the tomcat on the laptop - you have no user cert...
I installed and set up on all 3 machines the same way...

cheers
Alexander

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 4:53 PM
To: [EMAIL PROTECTED]
Subject: SSL-tomcat probs

Hello everyone,

Well i had configured my site with SSL functionality. I had set the parameters in Server.xml files perfect. one of it is: parameter = clientAuth value=true which means it expects the personal Certificate from the client. I had tested i got a personal certi on my Browser but when i connect to my SSL site i says that u dont have any Personal Certs.
Please tell some Solution to resolve it.

Thanks in advance

*
Mehul S Dave
Scientific Officer, (STCS Dept.),
Tata Institute of Fundamental Research
Phone - 2152971 Extn - 2372
Mumbai.
webpage:- http://www.ecom.tifr.res.in/~mehul
*
RE: SSL +tomcat
Actually,
when trying with any browser, u have to configure ur client and ca cert in the browser keystore.
when thru' code also, have to put both certs and ur ca cert in the keystore that u specified in server.xml.
once u configure, browser show the client cert when clientAuth=true.

try with this

Rams
+91-040-3000401 x 2162 (O)
+91-040-6313447 (R)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 6:59 PM
To: [EMAIL PROTECTED]
Subject: SSL +tomcat

hello all,

I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates.
Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using both client server certificates generated by Openssl.
More precisely I have a Server Certificate stored in Keystore (Tomcat side) and a client Certificate integrated in my browser. Both certificates are signed by a CA Authority whose certificate is on my browser too.
This problem has been already encountered by many people ([EMAIL PROTECTED] for example)
Many thanks,
Arnaud Pierre.

PS: I use tomcat 4.0b5
RE: SSL +tomcat
> -----Original Message-----
> From: Rams [mailto:[EMAIL PROTECTED]]
> Date: Wednesday, 13 June 2001 10:14
> To: [EMAIL PROTECTED]
> Subject: RE: SSL +tomcat
>
> Actually,
> when trying with any browser, u have to configure ur client and ca cert in the browser keystore.
> when thru' code also, have to put both certs and ur ca cert in the keystore that u specified in server.xml.
> once u configure, browser show the client cert when clientAuth=true.
>
> try with this
>
> Rams
> +91-040-3000401 x 2162 (O)
> +91-040-6313447 (R)
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 6:59 PM
> To: [EMAIL PROTECTED]
> Subject: SSL +tomcat
>
> hello all,
>
> I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates.
> Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using both client server certificates generated by Openssl.
> More precisely I have a Server Certificate stored in Keystore (Tomcat side) and a client Certificate integrated in my browser. Both certificates are signed by a CA Authority whose certificate is on my browser too.
> This problem has been already encountered by many people ([EMAIL PROTECTED] for example)
> Many thanks,
> Arnaud Pierre.
>
> PS: I use tomcat 4.0b5
RE: SSL +tomcat
what did u write here?

Rams
+91-040-3000401 x 2162 (O)
+91-040-6313447 (R)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 13, 2001 4:35 PM
To: [EMAIL PROTECTED]
Subject: RE: SSL +tomcat

> -----Original Message-----
> From: Rams [mailto:[EMAIL PROTECTED]]
> Date: Wednesday, 13 June 2001 10:14
> To: [EMAIL PROTECTED]
> Subject: RE: SSL +tomcat
>
> Actually,
> when trying with any browser, u have to configure ur client and ca cert in the browser keystore.
> when thru' code also, have to put both certs and ur ca cert in the keystore that u specified in server.xml.
> once u configure, browser show the client cert when clientAuth=true.
>
> try with this
>
> Rams
> +91-040-3000401 x 2162 (O)
> +91-040-6313447 (R)
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 6:59 PM
> To: [EMAIL PROTECTED]
> Subject: SSL +tomcat
>
> hello all,
>
> I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates.
> Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using both client server certificates generated by Openssl.
> More precisely I have a Server Certificate stored in Keystore (Tomcat side) and a client Certificate integrated in my browser. Both certificates are signed by a CA Authority whose certificate is on my browser too.
> This problem has been already encountered by many people ([EMAIL PROTECTED] for example)
> Many thanks,
> Arnaud Pierre.
>
> PS: I use tomcat 4.0b5
RE: SSL +tomcat
Thank you for your response.
Unfortunately, I tried what you said on my own but without any further success:
In fact I generate all my certificates with openssl.
I have got a CA root certificate integrated in Internet Explorer.
I have got a client certificate certified by this CA root certificate.
Both certificates are said to be valid by IE.

In addition I made a little soft to generate a keystore containing a private key, a chain of two certificates containing:
- an SSL server certificate (corresponding to that private key)
- the CA root certificate.

When I try an on line server Authentication, it goes well.
But when I suggest clientAuth=true, IE displays an empty list of certificates... :o(
I would like it to display at least my client certificate.

I believe my certificates are not really valid at all even if they're recognized by IE as valid...
Could it be possible to make tests with your own certificates? Or is there an easier way to generate them?

Thank you very much for your interest in my problem!!

Arnaud.

> -----Original Message-----
> From: Rams [mailto:[EMAIL PROTECTED]]
> Date: Wednesday, 13 June 2001 10:14
> To: [EMAIL PROTECTED]
> Subject: RE: SSL +tomcat
>
> Actually,
> when trying with any browser, u have to configure ur client and ca cert in the browser keystore.
> when thru' code also, have to put both certs and ur ca cert in the keystore that u specified in server.xml.
> once u configure, browser show the client cert when clientAuth=true.
>
> try with this
>
> Rams
> +91-040-3000401 x 2162 (O)
> +91-040-6313447 (R)
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 6:59 PM
> To: [EMAIL PROTECTED]
> Subject: SSL +tomcat
>
> hello all,
>
> I am testing Tomcat standalone with client authentication on, and getting some odd results. It works fine if client authentication is not turned on (for both IE and Netscape browsers). If I turn on client authentication, Netscape claims that I do not have a personal certificate, and IE asks me to choose from an empty list of certificates.
> Any ideas on the problem with the certificate request when I use Tomcat standalone? Is there some configuration to indicate the type of certificate the server is requesting? I am using both client server certificates generated by Openssl.
> More precisely I have a Server Certificate stored in Keystore (Tomcat side) and a client Certificate integrated in my browser. Both certificates are signed by a CA Authority whose certificate is on my browser too.
> This problem has been already encountered by many people ([EMAIL PROTECTED] for example)
> Many thanks,
> Arnaud Pierre.
>
> PS: I use tomcat 4.0b5