Hi,

Confirm if you want the certificate for apache or tomcat? If it is apache then the "filename.crt" file will work, but if it is for tomcat then you will need "filename.keystore".

The command below is used to generate the .key file in Linux using phase key:

    openssl genrsa -des3 1024 > filename.key

The command below is used to generate the csr file in Linux:

    openssl req -new -key /root/csr/filename.key > filename.csr

==========================================

Step 1: Generate a keystore in pkcs12 format using the Certificate (.crt) and the Private Key (.key) files

    openssl pkcs12 -in <yourfile.crt> -inkey <yourfile.key> -export -out <keystore name> -name tomcat

The keystore file will be generated into the folder where the OpenSSL binary is located.

Step 2: Once the keystore is generated, configure the SSL factory in the server.xml file to use it

Example:

    <clientAuth="false" sslprotocol="TLS" keystoreFile="C:\Program\tomcat/keystore" keystorePass="mypassword" truststorePass="mypassword" keystoreType="pkcs12" />

Note :- Sometimes the providerroot file is required. Ex. If I purchased my certificate from "thawte" then I will require "thawteroot.csr" and will merge this with my "filename.csr" and install on the server.

Hope the above solution works for you.

Thanks,
Ravi

--- On Thu, 5/8/10, Tina Exner <tex...@picturesafe.de> wrote:

From: Tina Exner <tex...@picturesafe.de>
Subject: Re: [us...@httpd] Export CACertificate to Tomcat
To: users@httpd.apache.org
Date: Thursday, 5 August, 2010, 3:49 PM

Did nobody know a solution for this problem?

Hi all,

We have a nexus multiid server for certificate authentication. I try to pass the client smartcard certificates from apache to the tomcat server. The tomcat talks to the nexus and the authentication takes effect. When I try to export the client ca certificate to the tomcat server I get the following errors:

    [Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate
    [Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!?
@Firefox: (Fehlercode: ssl_error_unknown_ca_alert)

This is my ssl configuration:

    <IfModule ssl_module>
    SSLVerifyClient none
    SSLVerifyDepth 5
    #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
    SSLOptions +ExportCertData
    #SSLCACertificateFile conf/ssl/Certificate.cer
    </IfModule>

    <Location /nexus>
    SSLVerifyClient require
    SSLVerifyDepth 5
    #SSLCACertificateFile /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
    #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
    SSLOptions +ExportCertData +StdEnvVars
    #SSLRequireSSL
    </Location>

My jk.conf:

    JkExtractSSL On
    JkHTTPSIndicator HTTPS
    JkSESSIONIndicator SSL_SESSION_ID
    JkCIPHERIndicator SSL_CIPHER
    JkCERTSIndicator SSL_CLIENT_CERT
    JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT
    JkOptions +ForwardSSLCertChain

I use apache 2.2.13-3 and openssl 0.9.8a. Any hints on what might have gone wrong will be highly useful.

regards
Tin
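
Added example, not part of the original thread: the `Error (20)` in the log above is OpenSSL's X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, meaning the verifier could not find the issuer of the presented certificate among its trusted CAs. The script below reproduces that result offline with the `openssl` command line and shows it clearing once the issuing CA is supplied; the CA, client certificate, subject names and file names are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: reproduce OpenSSL verification error 20 offline.
# All names, subjects and files below are constructed for the demo.

# Build a throwaway CA and a client certificate signed by it in directory $1.
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/client.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" >/dev/null 2>&1
}

# Verify certificate $1, optionally against CA bundle $2.
# Prints "ok", "error20" (issuer not found locally) or "other".
check_chain() {
    cert=$1
    cafile=${2:-}
    if [ -n "$cafile" ]; then
        out=$(openssl verify -CAfile "$cafile" "$cert" 2>&1) || true
    else
        # No CA bundle given: only the system default trust store is used.
        out=$(openssl verify "$cert" 2>&1) || true
    fi
    case $out in
        *"unable to get local issuer certificate"*) echo "error20" ;;
        *": OK"*) echo "ok" ;;
        *) echo "other" ;;
    esac
}

demo_dir=$(mktemp -d)
make_test_pki "$demo_dir"
echo "no CA file:   $(check_chain "$demo_dir/client.crt")"
echo "with CA file: $(check_chain "$demo_dir/client.crt" "$demo_dir/ca.crt")"
rm -rf "$demo_dir"
```

A real client certificate can be checked the same way with `check_chain` against the PEM file intended for `SSLCACertificateFile`, before touching the server configuration.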