Hello,

Thanks for the advice. I've tried various permutations of trying to use an existing CA-signed X509 certificate to enable SSL with Tomcat. From reading various mailing lists it appears this is a frequent problem, but one that many people have solved using the solutions I have tried; perhaps I'm missing something? My environment is Java 1.5.0_06, Tomcat 5.5.12, Fedora Core 4, and my certificate is signed by the eScience CA in the UK.

Here are my findings ...

Splitting the p12 file into a crt and key:

In the conf/server.xml:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="certificate.crt"
               SSLCertificateKeyFile="certificate.key"
               SSLPassword="pass" />

Error message splitting the p12 file into crt and key:

    java.io.FileNotFoundException: /home/jm/.keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:106)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:279)
        .......

It appears that Tomcat 5.5.12 is ignoring my configuration of the https connector and looking for the default JKS keystore, which I hadn't created. I therefore created the keystore, adding a self-signed certificate, and yes, it enabled an https connection, but not using the intended certificates, so effectively this does not work either.

Using the p12 file as the keystore:

In conf/server.xml:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreType="PKCS12" keystoreFile=".p12" keystorePass="pass"/>

Error message using the p12 file as keystore:

    Could not establish an encrypted connection because certificate presented by localhost is invalid or corrupted.
    Error Code: -8101

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server

Finally, adding my p12 CA-signed certificate programmatically into a JKS keystore, with the root CA certificate added as:

    keytool -import -keystore my.keystore -storepass pass -alias eScienceRoot -file /downloads/cacert.crt

In the conf/server.xml:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/jm/jm.keystore" keystorePass="pass"/>

Error message from adding the p12 into a JKS keystore:

    Could not establish an encrypted connection because certificate presented by localhost is invalid or corrupted.
    Error Code: -8101

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server

Thanks,
Julie.
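The ValidatorException in the last two attempts comes from the certificate's Netscape Cert Type extension: JSSE refuses a server certificate that carries that extension without its "SSL Server" bit. As an added example (not code from this thread or from Tomcat), the stdlib-only Python below decodes that extension from DER bytes so a certificate can be checked before it is put in a keystore; the two sample extension blobs are constructed for illustration, and a real certificate would be read with `open(path, "rb").read()` after conversion to DER.

```python
# Added example (not from the thread), stdlib only: decode the Netscape Cert Type
# extension that JSSE checks before reporting "does not permit use for SSL server".
NS_CERT_TYPE_OID = bytes.fromhex("6086480186f8420101")   # 2.16.840.1.113730.1.1
NS_CERT_TYPE_BITS = [(0x80, "SSL Client"), (0x40, "SSL Server"), (0x20, "S/MIME"),
                     (0x10, "Object Signing"), (0x04, "SSL CA"), (0x02, "S/MIME CA"),
                     (0x01, "Object Signing CA")]

def _read_tlv(data, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length

def _children(value):
    """Yield (tag, value) for each element packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        yield tag, inner

def find_ns_cert_type(der):
    """Walk the DER tree; return the nsCertType flag byte, or None if the extension is absent."""
    stack = [der]
    while stack:
        kids = list(_children(stack.pop()))
        if kids and kids[0] == (0x06, NS_CERT_TYPE_OID):   # Extension SEQUENCE for nsCertType
            _, octets = kids[-1]           # extnValue OCTET STRING is the last element
            _, bits = next(_children(octets))   # BIT STRING: [unused-bit count, flags byte]
            return bits[1]
        stack.extend(inner for tag, inner in kids if tag & 0x20)   # descend into constructed types
    return None

def ns_cert_type_names(der):
    flags = find_ns_cert_type(der)
    return None if flags is None else [n for m, n in NS_CERT_TYPE_BITS if flags & m]

def permits_ssl_server(der):
    """JSSE's rule: no extension means no restriction; if present, the SSL Server bit is required."""
    flags = find_ns_cert_type(der)
    return flags is None or bool(flags & 0x40)

# Constructed sample Extensions blobs: nsCertType = client only, and client + server.
CLIENT_ONLY_EXT = bytes.fromhex("30133011" "06096086480186f8420101" "040403020780")
CLIENT_SERVER_EXT = bytes.fromhex("30133011" "06096086480186f8420101" "0404030206c0")

if __name__ == "__main__":
    print(ns_cert_type_names(CLIENT_ONLY_EXT), permits_ssl_server(CLIENT_ONLY_EXT))
```

A certificate that fails this check needs to be re-issued by the CA with the SSL Server bit (or without the extension); nothing done on the keystore side will change the verdict.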