RE: X509 certificates and https
Hi, I think I have seen this Exception. I had certificate with both human readable and encoded parts. I deleted human readable part (I left only encoded part between -BEGIN CERTIFICATE- and -END CERTIFICATE- including these tags). After this, I was able to import this certificate. Lipi -Original Message- From: Julie McCabe [mailto:[EMAIL PROTECTED] Sent: Thursday, May 27, 2004 4:21 PM To: Tomcat Users List Subject: Re: X509 certificates and https Hi, I tried the following command keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt with my certificate and key which are in pem format and it returned keytool error: java.lang.Exception: Input not an X.509 certificate I have the CA certifcate stored in my browser but cant see how I can export it? Thanks Julie. On Thursday 27 May 2004 15:24, [EMAIL PROTECTED] wrote: The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: X509 certificates and https
First you need to import you CA cert into a JKS keystore file (usually different from the one that you are using for Tomcat's keystore). Since you are using 4.1.x, you then need to add: -Djavax.net.ssl.trustStore=/path/to/truststore/file to the command line that starts Tomcat. (For TC 5, you would add truststoreFile=/path/to/truststore/file to the Connector element in server.xml). After that, Tomcat should start accepting you client certs. Julie McCabe [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I am trying to use SSL authenitcation with X509 certificates. The certifcates are not in the Java keystore. I would like to know how to get my certificate whichi is signed by a specific CA into the keystore and use the https connector. I have found some documentation on the web but have had little success with getting my certificates into the keystore and SSL Connector configuration. I know my certificates are valid, maybe I am missing something with regards to the CA which signed the certifcate. I am using tomcat 4.1.27, Red Hat Linix 9.0. Thanks, Julie. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
X509 certificates and https
Hello, I am trying to use SSL authenitcation with X509 certificates. The certifcates are not in the Java keystore. I would like to know how to get my certificate whichi is signed by a specific CA into the keystore and use the https connector. I have found some documentation on the web but have had little success with getting my certificates into the keystore and SSL Connector configuration. I know my certificates are valid, maybe I am missing something with regards to the CA which signed the certifcate. I am using tomcat 4.1.27, Red Hat Linix 9.0. Thanks, Julie. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Betr.: X509 certificates and https
The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Ron Blom Julie McCabe [EMAIL PROTECTED] 27-05-2004 15:28 Antwoord a.u.b. aan Tomcat Users List Aan:Tomcat Users List [EMAIL PROTECTED] cc: Onderwerp: X509 certificates and https Hello, I am trying to use SSL authenitcation with X509 certificates. The certifcates are not in the Java keystore. I would like to know how to get my certificate whichi is signed by a specific CA into the keystore and use the https connector. I have found some documentation on the web but have had little success with getting my certificates into the keystore and SSL Connector configuration. I know my certificates are valid, maybe I am missing something with regards to the CA which signed the certifcate. I am using tomcat 4.1.27, Red Hat Linix 9.0. Thanks, Julie. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: X509 certificates and https
The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom
Re: X509 certificates and https
Hi, I tried the following command keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt with my certificate and key which are in pem format and it returned keytool error: java.lang.Exception: Input not an X.509 certificate I have the CA certifcate stored in my browser but cant see how I can export it? Thanks Julie. On Thursday 27 May 2004 15:24, [EMAIL PROTECTED] wrote: The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Betr.: Re: X509 certificates and https
If you use Internet Explorer you simple go to the Trusted Certificate Authorties, select the CA certificate and export it to some format. You should then be able to import it into your trusted keystore. Ron Julie McCabe [EMAIL PROTECTED] 27-05-2004 16:21 Antwoord a.u.b. aan Tomcat Users List Aan:Tomcat Users List [EMAIL PROTECTED] cc: Onderwerp: Re: X509 certificates and https Hi, I tried the following command keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt with my certificate and key which are in pem format and it returned keytool error: java.lang.Exception: Input not an X.509 certificate I have the CA certifcate stored in my browser but cant see how I can export it? Thanks Julie. On Thursday 27 May 2004 15:24, [EMAIL PROTECTED] wrote: The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Betr.: Re: X509 certificates and https
Hello, I should have included this in my original mail but I am using Mozilla 1.4.1 on RedHat Linuz 9.0 - any ideas? Julie. On Thursday 27 May 2004 15:47, [EMAIL PROTECTED] wrote: If you use Internet Explorer you simple go to the Trusted Certificate Authorties, select the CA certificate and export it to some format. You should then be able to import it into your trusted keystore. Ron Julie McCabe [EMAIL PROTECTED] 27-05-2004 16:21 Antwoord a.u.b. aan Tomcat Users List Aan:Tomcat Users List [EMAIL PROTECTED] cc: Onderwerp: Re: X509 certificates and https Hi, I tried the following command keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt with my certificate and key which are in pem format and it returned keytool error: java.lang.Exception: Input not an X.509 certificate I have the CA certifcate stored in my browser but cant see how I can export it? Thanks Julie. On Thursday 27 May 2004 15:24, [EMAIL PROTECTED] wrote: The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Betr.: Re: Betr.: Re: X509 certificates and https
Sorry, I'm not familiar with this environment. Which CA certificate your server certificate is signed with? Give me some important attributes. Perhaps I can send you this certificate as an attachment. Julie McCabe [EMAIL PROTECTED] 27-05-2004 16:47 Antwoord a.u.b. aan Tomcat Users List Aan:Tomcat Users List [EMAIL PROTECTED] cc: Onderwerp: Re: Betr.: Re: X509 certificates and https Hello, I should have included this in my original mail but I am using Mozilla 1.4.1 on RedHat Linuz 9.0 - any ideas? Julie. On Thursday 27 May 2004 15:47, [EMAIL PROTECTED] wrote: If you use Internet Explorer you simple go to the Trusted Certificate Authorties, select the CA certificate and export it to some format. You should then be able to import it into your trusted keystore. Ron Julie McCabe [EMAIL PROTECTED] 27-05-2004 16:21 Antwoord a.u.b. aan Tomcat Users List Aan:Tomcat Users List [EMAIL PROTECTED] cc: Onderwerp: Re: X509 certificates and https Hi, I tried the following command keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt with my certificate and key which are in pem format and it returned keytool error: java.lang.Exception: Input not an X.509 certificate I have the CA certifcate stored in my browser but cant see how I can export it? Thanks Julie. On Thursday 27 May 2004 15:24, [EMAIL PROTECTED] wrote: The only thing you have to do is running the java keytool utily with following command: keytool -import -alias tomcat -keystore server.ks -trustcacerts -file server.crt This inserts thet server.crt certificate into the keystore that tomcat uses. Your CA scertificate needs to be in the trusted keystore of your JRE under which Tomcat runs. If this is not the case put it in there as follows: keytool -import -keystore %JAVA_HOME%/lib/security/cacerts -file ca.pem -alias my_alias This inserts the root certificate ca.pem into the trusted keystore of the JRE being used. This should work. Ron Blom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]