Thanks, Rommel,

Rommel Sharma wrote:

What I can say is this:
1. In keystoreFile attribute provide the complete path
(C:\MyCertFolder\mykeystore.ks)
   Same for truststore.

2. Where do I specify the file that stores the client's certificate?
In your client code that makes a call to the https specify the location of
the keystore and in the server side code that you will write, get the
message context
(something like:
 MessageContext context = MessageContext.getCurrentContext();
 ...
 HttpServletRequest req = (HttpServletRequest) context.getProperty(
     HTTPConstants.MC_HTTP_SERVLETREQUEST);

 // and the code to match the client certificate with the client keystore on
 // the server
 // so you specify its location on the server having the same client
 // keystore...
)

Hope this helps,
Regards,
Rommel.

----- Original Message -----
From: "Alex Chen" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, February 25, 2004 11:30 PM
Subject: Using HTTPS with keystore and trust store files



Hi,
 I am trying to set up Tomcat for HTTPS connection with keystore and
truststore files.  I want to use Tomcat as the
web server so the port number is 80 and 443 for HTTP and HTTPS,
respectively. I am running Tomcat on Windows XP.

Here is the 'Connector' entry in %CATALINA_HOME%\conf\server.xml.
  <Connector port="443"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" debug="0" scheme="https" secure="true"
              clientAuth="true" sslProtocol="TLS"
              keystoreFile="server.ks" keystoreType="JCEKS"
              keystorePass="changeit"
              truststoreFile="server.ts" truststoreType="JCEKS" >
   </Connector>

When I start tomcat, I get the following error:

java.io.FileNotFoundException: server.ks (The system cannot find the file specified)
       at java.io.FileInputStream.open(Native Method)
       at java.io.FileInputStream.<init>(FileInputStream.java:106)
       at java.io.FileInputStream.<init>(FileInputStream.java:66)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:262)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:232)
......

I tried to put the file in different places, the user's home directory
in C:\Documents and Settings\%user%\,
%CATALINA_HOME%\,  %CATALINA_HOME%\webapps, %CATALINA_HOME%\webapps\ROOT,
but they all failed.

My questions are:
1. Where should the keystore file be stored if I set the 'keystoreFile'
attribute in Connector element?

2.  If I set 'clientAuth' to true, shouldn't there be a place to store
the client's certificate, i.e. the truststore?
    Where do I specify the file that stores the client's certificate?
    I saw the truststoreFile attribute in an example from
http://www.j2ee-security.net/book/sample-chap/
    It sets this attribute in a 'Factory' subelement.  But that is for
Tomcat 4.X.

Any help is appreciated.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
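
Added example (not part of the original thread, and not Tomcat code): a small Python check that reads a Connector element like the one in the question and reports relative keystore/truststore paths, client authentication without a truststore, and the default "changeit" password. The working directory `C:\Tomcat\bin` and the truststore file name are constructed for illustration; resolving a bare file name against the JVM's working directory is an assumption based on the stack trace above.

```python
import ntpath  # Windows path rules, usable on any platform
import xml.etree.ElementTree as ET

# Connector attributes taken from the question (relative store paths).
ORIGINAL = r'''<Connector port="443" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="server.ks" keystoreType="JCEKS" keystorePass="changeit"
    truststoreFile="server.ts" truststoreType="JCEKS"></Connector>'''

# Same connector with complete paths, as the reply suggests. The truststore
# file name is constructed for this example.
FIXED = (ORIGINAL
         .replace('"server.ks"', r'"C:\MyCertFolder\mykeystore.ks"')
         .replace('"server.ts"', r'"C:\MyCertFolder\mytruststore.ts"'))


def audit_connector(xml_text, jvm_cwd):
    """Return a list of (attribute, message) findings for one <Connector>."""
    conn = ET.fromstring(xml_text)
    findings = []
    for attr in ("keystoreFile", "truststoreFile"):
        path = conn.get(attr)
        if path and not ntpath.isabs(path):
            # Assumption: a bare name is opened relative to the JVM's
            # working directory, as the FileInputStream trace suggests.
            resolved = ntpath.join(jvm_cwd, path)
            findings.append((attr, f"relative path, would open {resolved}"))
    if conn.get("clientAuth") == "true" and not conn.get("truststoreFile"):
        findings.append(("truststoreFile",
                         "clientAuth is on but no truststore is configured"))
    if conn.get("keystorePass") == "changeit":
        findings.append(("keystorePass", "default keystore password in use"))
    return findings


if __name__ == "__main__":
    cwd = r"C:\Tomcat\bin"  # constructed working directory
    for name, xml in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name)
        for attr, msg in audit_connector(xml, cwd):
            print(f"  {attr}: {msg}")
```
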




