Re: Have a Problem Importing an SSL Certificate
On 31.10.2010 23:38, Caldarale, Charles R wrote: From: Marwan Kandeel [mailto:marwan.kand...@bupa.com.sa] Subject: Re: Have a Problem Importing an SSL Certificate You do this SSL process by running batches. So you actually do not have access to tomcat interface. I think the system is built on tomcat 5.5. You will still need to find out if the Tomcat in question is running with APR as its mechanism; the SSL setup is completely different when using APR. You might want to experiment with a locally installed Tomcat first, just to verify that the certificate and procedure is viable. Exactly, you will need to dig deeper into the problem to find the cause. For starters: 1. What is exact Tomcat version used? 2. Post content of server.xml file (with passwords removed) -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Have a Problem Importing an SSL Certificate
> From: Marwan Kandeel [mailto:marwan.kand...@bupa.com.sa] > Subject: Re: Have a Problem Importing an SSL Certificate > You do this SSL process by running batches. So you actually do > not have access to tomcat interface. I think the system is built > on tomcat 5.5. You will still need to find out if the Tomcat in question is running with APR as its mechanism; the SSL setup is completely different when using APR. You might want to experiment with a locally installed Tomcat first, just to verify that the certificate and procedure is viable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Have a Problem Importing an SSL Certificate
If I switch the certificates in a sense I import the root as a primary and the primary as root, the system works fine on https but displays the usual certificate warning that the CA is not recognized... --Original Message-- From: Ognjen Blagojevic To: Tomcat Users List ReplyTo: Tomcat Users List Subject: Re: Have a Problem Importing an SSL Certificate Sent: Nov 1, 2010 1:10 AM Hi Marwan, > I'm spinning into circles importing the certificate into my system. We are > using a web based software that resides on tomcat. Here are the instructions > I have got from the vendor on how to import the SSL: Instructions seems correct. > I'm assuming the root certificate is the one that certifies the CA. I'm using > Equifax Secure eBusiness CA-1. > > I'm also assuming that the primary certificate is the one we purchased and is > issued to us and includes our FQDN. This is also correct. > After I apply the certificates, the system does not work. If I configure > tomcat to use HTTP and any custom port it works. I'm really going out of my > mind!!! After you calm down, please describe what "the system does not work" means? Are all certificates imported correctly? When you list your certificates (with "keytool -list -keystore mykeystore.jks") you should see several trusted key entries and one private key entry. Check if your server.xml config for HTTPS connector is pointing to right keystore file. Describe exactly what did you try and what error message do you get. Regards, Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org **Sent from my BlackBerry®** Regards, Marwan Kandeel | IT Support Team Leader | Bupa Arabia PO Box 23807 Jeddah 21436 Saudi Arabia T: +966 920 000 456 Ext. 5119 | M: +966 501 941 099 Disclaimer: Internet communications are not secure and therefore Bupa does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Bupa. The information in this email is intended only for the named recipient and may be privileged or confidential. If you are not the intended recipient please notify us immediately on +966 920 000456 and do not copy, distribute or take action based on this email. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Have a Problem Importing an SSL Certificate
Thanks Ognjen for the constructive reply. This system is a production environment. The system is "Servicedesk Plus" by "Manage Engine". It is a web based help desk system and using tomcat as the web server. You do this SSL process by running batches. So you actually do not have access to tomcat interface. I think the system is built on tomcat 5.5. When I follow the steps and import both certificates, I have to change the application to use https port 443. When this is done, IE does not display the page. If I return the protocol back to http and port 80 IE works fine. --Original Message-- From: Ognjen Blagojevic To: Tomcat Users List ReplyTo: Tomcat Users List Subject: Re: Have a Problem Importing an SSL Certificate Sent: Nov 1, 2010 1:10 AM Hi Marwan, > I'm spinning into circles importing the certificate into my system. We are > using a web based software that resides on tomcat. Here are the instructions > I have got from the vendor on how to import the SSL: Instructions seems correct. > I'm assuming the root certificate is the one that certifies the CA. I'm using > Equifax Secure eBusiness CA-1. > > I'm also assuming that the primary certificate is the one we purchased and is > issued to us and includes our FQDN. This is also correct. > After I apply the certificates, the system does not work. If I configure > tomcat to use HTTP and any custom port it works. I'm really going out of my > mind!!! After you calm down, please describe what "the system does not work" means? Are all certificates imported correctly? When you list your certificates (with "keytool -list -keystore mykeystore.jks") you should see several trusted key entries and one private key entry. Check if your server.xml config for HTTPS connector is pointing to right keystore file. Describe exactly what did you try and what error message do you get. Regards, Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org **Sent from my BlackBerry®** Regards, Marwan Kandeel | IT Support Team Leader | Bupa Arabia PO Box 23807 Jeddah 21436 Saudi Arabia T: +966 920 000 456 Ext. 5119 | M: +966 501 941 099 Disclaimer: Internet communications are not secure and therefore Bupa does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Bupa. The information in this email is intended only for the named recipient and may be privileged or confidential. If you are not the intended recipient please notify us immediately on +966 920 000456 and do not copy, distribute or take action based on this email. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Have a Problem Importing an SSL Certificate
Hi Marwan, I'm spinning into circles importing the certificate into my system. We are using a web based software that resides on tomcat. Here are the instructions I have got from the vendor on how to import the SSL: Instructions seems correct. I'm assuming the root certificate is the one that certifies the CA. I'm using Equifax Secure eBusiness CA-1. I'm also assuming that the primary certificate is the one we purchased and is issued to us and includes our FQDN. This is also correct. After I apply the certificates, the system does not work. If I configure tomcat to use HTTP and any custom port it works. I'm really going out of my mind!!! After you calm down, please describe what "the system does not work" means? Are all certificates imported correctly? When you list your certificates (with "keytool -list -keystore mykeystore.jks") you should see several trusted key entries and one private key entry. Check if your server.xml config for HTTPS connector is pointing to right keystore file. Describe exactly what did you try and what error message do you get. Regards, Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Have a Problem Importing an SSL Certificate
> From: Marwan Kandeel [mailto:marwan.kand...@bupa.com.sa] > Subject: Have a Problem Importing an SSL Certificate > I'm really going out of my mind!!! So I guess it's good that we can't read it to find out what Tomcat version you're using, if you're using APR, what the JVM level is that you're running on, the platform in use, whether or not you've got a front-end like httpd, and whether or not you've read the relevant Tomcat docs: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org