Hi,

I have a CA-signed p12 file from which I can extract both a certificate and 
key in pem format - I found some info (http://www.junlu.com/msg/85393.html) 
which states that you can use a p12 file as a keystore in Tomcat by adding 
the following into the conf/server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
           keystoreFile="file.p12" keystorePass="somePass" />


When I tried this it failed with the error message:

Mar 15, 2006 11:06:50 AM org.apache.tomcat.util.net.puretls.PureTLSSocketFactory init
INFO: Error initializing SocketFactory
java.io.IOException: Couldn't find private key in this file
        at COM.claymoresystems.ptls.SSLContext.loadEAYKeyFile(SSLContext.java:242)
        at COM.claymoresystems.ptls.SSLContext.loadEAYKeyFile(SSLContext.java:201)
        at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.init(PureTLSSocketFactory.java:134)
        at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.createSocket(PureTLSSocketFactory.java:69)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:137)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:762)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:488)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:508)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Mar 15, 2006 11:06:50 AM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint


I'm not sure what to do - I would appreciate some help.

Env: Tomcat 5.5.12. Java 1.5.0_06, Fedora 4.

Thanks,
Julie.



On Wednesday 08 March 2006 20:01, Dhaval Patel wrote:
> Hi,
>
>   As I have told you before, those instructions are not working as expected
> against authority signed (not self-signed) certificates.
>
>   You might have to go through mail-archive of tomcat users list to find
> more ways to solve this. I am sure there is a solution for this.
>
>   Tomcat gurus, please help !!!
>
> Regards,
> D
>
> --- Julie McCabe <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > Thanks for the advice, I had installed the APR as tomcat was failing to
> > shut down in Windows without it.
> >
> > Since my overall objective is to use an existing X509 certificate signed
> > by an academic CA (not VeriSign or Thawte) I decided to try the openssl.
> > I followed the steps outlined in the
> > http://www.mail-archive.com/users%40tomcat.apache.org/msg02500.html
> >
> > I have an existing p12 file which is split into a key and a certificate,
> > I only performed the
> > openssl rsa -in userkey.pem -out server.key
> > command to replace the passphrase from the private key.
> >
> > I edited the conf/server.xml file as directed and pointed the
> > SSLCertificateFile to the usercert.pem file and the SSLCertificateKeyFile
> > to the generated server.key file.
> >
> > I started tomcat - no errors in the logs and when I try to connect on
> > https://localhost:8443
> > I receive the following alert:
> >
> > "Could not establish an encrypted connection because the certificate
> > presented by localhost is invalid or corrupted. Error Code: -8101"
> >
> > The CA root certificate which has signed my certificate is loaded into the
> > browser (along with my certificate).
> >
> > It seems like it's a problem with my certificates?
> >
> > Thanks,
> > Julie.
> >
> > On Wednesday 08 March 2006 13:31, Dhaval Patel wrote:
> > > Hi,
> > >
> > > Based upon your description, I think you are trying to use JSSE way to
> > > enable SSL. Tomcat 5.5 has two ways to enable SSL: 1) JSSE 2) OpenSSL.
> > >
> > > If you are trying with JSSE, please remove tcnative-1.dll from your
> > > TOMCAT_HOME\bin directory. It should work fine.
> > >
> > > If you want to know how to do with OpenSSL, please go to:
> > > http://www.mail-archive.com/users%40tomcat.apache.org/msg02500.html
> > >
> > > Steps described in above URL are 100% working when you don't have
> > > VeriSign/Thawte signed certificate. It is not the case here I believe. :)
> > >
> > > Let us know how it goes.
> > >
> > > Regards,
> > > D
> > >
> > > --- Julie McCabe <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > I've configured SSL support as per documentation - I created the
> > > > keystore and a self-signed certificate with the default password,
> > > > uncommented the 8443 connector for https in the conf/server.xml file.
> > > >
> > > > The problem is that I cannot connect to https://localhost:8443 via
> > > > the browser, in the log file there are no errors and it appears as
> > > > the 8443 port is open as:
> > > > INFO: Starting Coyote HTTP/1.1 on http-8443
> > > >
> > > > Nothing is logged to the log file when access to 8443 is attempted,
> > > > the browser processes and eventually times out with the following
> > > > alert:
> > > >
> > > > The connection to localhost:8443 has terminated unexpectedly. Some
> > > > data may have been transferred.
> > > >
> > > > Environment: Java 1.5.0_04, Tomcat 5.5.12, Windows XP
> > > >
> > > > Regards,
> > > > Julie.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
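
Added example, not part of the original thread: checks to run on the files before pointing Tomcat at them, covering both setups discussed above (a PKCS12 keystore, and a PEM certificate plus key for SSLCertificateFile / SSLCertificateKeyFile). It assumes the openssl command-line tool is installed; the function names and the P12_PASS variable are chosen here for illustration, and the sample files are constructed test material that only reuses the thread's file names.

```shell
#!/bin/sh
# Added example. The keystore password is read from the environment
# variable P12_PASS (a name chosen here) so it stays out of the process list.

# pem_pair_matches CERT KEY: 0 if the certificate carries the public key
# derived from the (passphrase-less) private key, 1 if not, 2 if unreadable.
pem_pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# p12_check FILE: 0 private key present and matching the leaf certificate,
# 1 no private key in the file, 2 key and certificate do not match,
# 3 file unreadable or wrong password.
p12_check() {
    k=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null) || return 3
    case $k in *"PRIVATE KEY"*) ;; *) return 1 ;; esac
    kp=$(printf '%s\n' "$k" | openssl pkey -pubout 2>/dev/null)
    cp=$(openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null |
         openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$kp" ] && [ "$kp" = "$cp" ] || return 2
}

# make_samples DIR: constructed material for trying the checks offline:
# a throwaway key and certificate, an unrelated key, a complete p12 and a
# certificate-only p12. P12_PASS must be exported.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/usercert.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null &&
    openssl pkcs12 -export -in "$d/usercert.pem" -inkey "$d/server.key" \
        -out "$d/file.p12" -passout env:P12_PASS &&
    openssl pkcs12 -export -nokeys -in "$d/usercert.pem" \
        -out "$d/certonly.p12" -passout env:P12_PASS
}

# Run as a script with one argument to check a real keystore:
#   P12_PASS=... sh check.sh file.p12
if [ $# -eq 1 ]; then
    rc=0; p12_check "$1" || rc=$?
    echo "p12_check $1 -> $rc"
fi
```
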