What I can say is this:
1. In keystoreFile attribute provide the complete path
(C:\MyCertFolder\mykeystore.ks)
Same for truststore.
2. Where do I specify the file that store the client's certificate?
In your client code that makes a call to the https specify the location of
the keystore and in the server side code that you will will write, get the
message context
(someting like:
MessageContext context = MessageContext.getCurrentContext();
...
HttpServletRequest req = (HttpServletRequest)context .getProperty
(HTTPConstants.MC_HTTP_SERVLETREQUEST);
// and the code to match the client certificate with the client keystore on
the server
// so you specify its location on the server having the same client
keystore...
)
Hope this helps,
Regards,
Rommel.
----- Original Message -----
From: "Alex Chen" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, February 25, 2004 11:30 PM
Subject: Using HTTPS with keystore and trust store files
> Hi,
> I am trying to set up Tomcat for HTTPS connection with keystore and
> truststore files. I want to use Tomcat as the
> web server so the port number is 80 and 443 for HTTP and HTTPS,
> respectively. I am running Tomcat on Windows XP.
>
> Here is the 'Connector' entry in %CATALINA_HOME%\conf\server.xml.
> <Connector port="443"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" debug="0" scheme="https" secure="true"
> clientAuth="true" sslProtocol="TLS"
> keystoreFile="server.ks" keystoreType="JCEKS"
> keystorePass="changeit"
> truststoreFile="server.ts" truststoreType="JCEKS" >
> </Connector>
>
> When I start tomcat, I get the following error:
>
> java.io.FileNotFoundException: server.ks (The system cannot find the
> file specif
> ied)
> at java.io.FileInputStream.open(Native Method)
> at java.io.FileInputStream.<init>(FileInputStream.java:106)
> at java.io.FileInputStream.<init>(FileInputStream.java:66)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket
> Factory.java:262)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc
> ketFactory.java:232)
> ......
>
> I tried to put the file in different places, the user's home directory
> in C:\Documents and Settings\%user%\,
> %CATALINA_HOME%\, %CATALINA_HOME%\webapps, %CATALINA_HOME%\webapps\ROOT,
> but they all failed.
>
> My questions are:
> 1. Where should the keystore file be stored if I set the 'keystoreFile'
> attribute in Connector element?
>
> 2. If I set 'clientAuth' to true, shouldn't there be a place to store
> the the client's certificate, i.e. the truststore?
> Where do I specify the file that store the client's certificate?
> I saw the truststoreFile attribute in an example from
> http://www.j2ee-security.net/book/sample-chap/
> It sets this attribute in a 'Factory' subelement. But that is for
> Tomcat 4.X.
>
> Any help is appreciated.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
*********************************************************
Disclaimer
This message (including any attachments) contains
confidential information intended for a specific
individual and purpose, and is protected by law.
If you are not the intended recipient, you should
delete this message and are hereby notified that
any disclosure, copying, or distribution of this
message, or the taking of any action based on it,
is strictly prohibited.
*********************************************************
Visit us at http://www.mahindrabt.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
