Thanks Bill for the info.

Verisign gave me a cert.cer file. So I am not sure how to handle this. My
connector currently is this:
<Service name="Catalina">
   <Connector port="80" // the normal http port />
  // here is what I am working with that is currently commented out
// I was able to add the cert to the keystore using  this:

keytool -import -alias <your alias> -keystore
<your_keystore> -trustcacerts -file <cert.cer>

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

// but this is the one that is working using openSSL and the certificate
made from the below link:
<Connector port="443" maxHttpHeaderSize="8192"
    maxThreads="15" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="C:\Tomcat\bin\server.crt"
SSLCertificateKeyFile="C:\Tomcat\bin\server.key" />

I am getting messed up because I am not sure what is the private key and
what is the public key as I am reading.
Verisign made me create a "keystore", then a "csr" file which I posted to
them, and then I received a "cert.cer" file back.
Originally I tried just doing this:
<Connector port="443" maxHttpHeaderSize="8192"
          keystoreFile="C:/Tomcat/bin/uniqueKeystore"
          keystorePass="unique10"
          truststoreFile="C:/Tomcat/bin/cert.cer"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS" />

But it hung and never responded. That is when I tried doing the example from
the openssl notes.

Thanks
Scott


----- Original Message -----
From: "Bill Barker" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Saturday, December 03, 2005 6:09 PM
Subject: Re: Verisign Certificate Still Giving Me Troubles:


> Well, firstly, Verisign should have given you a cert.crt file :).
>
> Verisign uses an intermediate cert to sign with (available from their
> site).
> Based on configuring mod_ssl I'm guessing that you need to download it and
> set:
>   SSLCertificateChainFile="/path/to/int/cert.crt"
> in your <Connector> element.
>
> From the previous threads, I'm assuming that you are still using the APR
> connector.  If you are using the Java connector, then simply import the
> intermediate cert into your keystore (and ignore the above).
>
> "Scott Purcell" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
>
>
> Hello,
>
> A few people helped me out last week, to get simple SSL running. In
> particular Dhaval, Remy and Nate. Anyway, I have followed the directions
> from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section
> 3 and all works well.
>
> So that means my tomcat is all configured and happy.
>
> But this was a "generic" certificate. I gave Verisign a certreq.csr file
> and they gave me a certificate last week and it was called cert.cer.
>
> I cannot for the life of me figure out how to get the certreq.csr working?
>
> I have been following these steps here:
> Based upon my knowledge, to incorporate Verisign certificate, steps are as
> follows:
> (Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
> (1) openssl req -new -out server.csr (This will generate csr and private
> key. Make sure you fill the values correctly on openssl command prompt. )
> (2) openssl rsa -in privkey.pem -out server.key (This removes the
> passphrase from the private key.
> Also delete generated .rnd file)
> (3) Here there are two (either or) possibilities:
>
>
> But honestly do not know where to substitute my "certreq.csr" that
> verisign gave me in this equation.
>
> Regards
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
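
On the private/public key question in this thread: the keystore (or server.key) holds the private key, while certreq.csr and the cert.cer returned by the CA carry only the matching public key. The script below is an added example, not part of the thread; it uses openssl to check whether a key, a CSR and a certificate belong to the same key pair. All file names, subjects and the throwaway CA in it are constructed for the demo.

```shell
#!/bin/sh
# Added example; every file name and subject below is constructed for the demo.

# Print a SHA-256 digest of the public key inside FILE.
# KIND: key (private key), csr (certificate request), cert (certificate).
pubkey_fingerprint() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || pub= ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || pub= ;;
        cert) # a CA-issued .cer may be PEM or DER, so try both encodings
              pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null ||
                    openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) ||
                  pub= ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1    # unreadable file or wrong KIND
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when both files carry the same public key.
same_keypair() {
    a=$(pubkey_fingerprint "$1" "$2") || return 1
    b=$(pubkey_fingerprint "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Constructed material: server key + CSR, a throwaway CA standing in for the
# commercial CA, the issued certificate in DER form, and an unrelated key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_files() (
    cd "$demo_dir" &&
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
        -out certreq.csr -subj "/CN=www.example.test" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
        -out ca.crt -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null &&
    openssl x509 -req -in certreq.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out cert.pem -days 1 2>/dev/null &&
    openssl x509 -in cert.pem -outform DER -out cert.cer &&
    openssl genrsa -out other.key 2048 2>/dev/null
)

report() {    # report KIND FILE: does FILE belong with cert.cer?
    if same_keypair cert "$demo_dir/cert.cer" "$1" "$demo_dir/$2"
    then echo "$2: same key pair as cert.cer"
    else echo "$2: does NOT match cert.cer"
    fi
}
make_demo_files && { report key server.key; report csr certreq.csr; report key other.key; }
```

When the private key lives in a Java keystore, the CSR written by `keytool -certreq` can be compared against the issued certificate with the `csr` kind.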