On 27/10/2012 10:09 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com> wrote: > > I used logangha(which is my computer name) instead of localhost but again I had to click the Information bar to display the content (not recommended). >
So you got the cert for logangha??? Again, you should match the name of the domain you got the certificate for not the server name. Meaning you need dns resolution for that name on your server or local network to point to the ip of the server. Thats easy done in linux by editing the /etc/hosts file, not sure about windows. Google is your friend i think there should be simmilar file too. > > Regards. > > ----- Original Message ----- > From: "Igor Cicimov" <icici...@gmail.com> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Friday, October 26, 2012 5:41:59 PM > Subject: Re: Implementing SSL and error invocating > https://localhost:8443/(Tomcat 7.0 on Windows 7) > > On 27/10/2012 9:37 AM, "Gabriel Huerta Araujo" <huert...@hildebrando.com> > wrote: > > > > I have followed below steps: > > > > 1.- Erase keytore > > keytool -delete -keystore .keystore -storepass x_men_gha > > > > 2.- List to verify if it has been deleted. > > keytool -list -storepass x_men_gha > > Tipo de almacÚn de claves: JKS > > Proveedor de almacÚn de claves: SUN > > > > Su almacÚn de claves contiene 0 entradas > > > > 3.- Create as stated: > > keytool -genkey -alias tomcat -keyalg RSA > > Escriba la contrase±a del almacÚn de claves: > > La contrase±a del almacÚn de claves es demasiado corta, debe tener al > menos 6 ca > > racteres > > Escriba la contrase±a del almacÚn de claves: > > ┐Cußles son su nombre y su apellido? > > [Unknown]: Gabriel Huerta > > ┐Cußl es el nombre de su unidad de organizaci¾n? > > [Unknown]: Desarrollo > > ┐Cußl es el nombre de su organizaci¾n? > > [Unknown]: Hildebrando > > ┐Cußl es el nombre de su ciudad o localidad? > > [Unknown]: Queretaro > > ┐Cußl es el nombre de su estado o provincia? > > [Unknown]: Santiago > > ┐Cußl es el c¾digo de paÝs de dos letras de la unidad? > > [Unknown]: MX > > ┐Es correcto CN=Gabriel Huerta, OU=Desarrollo, O=Hildebrando, > L=Queretaro, ST=Sa > > ntiago, C=MX? > > [no]: y > > > > Escriba la contrase±a clave para <tomcat> > > (INTRO si es la misma contrase±a que la del almacÚn de claves): > > > > > > 4.- List to verify it: > > C:\Users\Gabriel Huerta>keytool -list > > Escriba la contrase±a del almacÚn de claves: > > > > Tipo de almacÚn de claves: JKS > > Proveedor de almacÚn de claves: SUN > > > > Su almacÚn de claves contiene entrada 1 > > > > tomcat, 26/10/2012, PrivateKeyEntry, > > Huella digital de certificado (MD5): > 00:37:8B:7F:F1:A4:B6:EE:8F:00:69:95:0A:A8:AD:14 > > > > > > 5.- Import certificate as stated for Tomcat documentation: > > For Verisign.com trial certificates go to: > http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html > > > > Once there I followed instructions where says "Click here to go to the > Installation Instructions", basically I copied below message and pasted it > into a file named certif.cer: > > -----BEGIN CERTIFICATE----- > > MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB > > jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL > > EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV > > BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQSAtIEcyMB4X > > DTA5MDQwMTAwMDAwMFoXDTI5MDMzMTIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRcw > > FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9yIFRlc3QgUHVycG9z > > ZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylWZXJpU2lnbiBUcmlh > > bCBTZWN1cmUgU2VydmVyIFJvb3QgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQAD > > ggEPADCCAQoCggEBAMCJggWnSVAcIomnvCFhXlCdgafCKCDxVSNQY2jhYGZXcZsq > > ToJmDQ7b9JO39VCPnXELOENP2+4FNCUQnzarLfghsJ8kQ9pxjRTfcMp0bsH+Gk/1 > > qLDgvf9WuiBa5SM/jXNvroEQZwPuMZg4r2E2k0412VTq9ColODYNDZw3ziiYdSjV > > fY3VfbsLSXJIh2jaJC5kVRsUsx72s4/wgGXbb+P/XKr15nMIB0yH9A5tiCCXQ5nO > > EV7/ddZqmL3zdeAtyGmijOxjwiy+GS6xr7KACfbPEJYZYaS/P0wctIOyQy6CkNKL > > o5vDDkOZks0zjf6RAzNXZndvsXEJpQe5WO1avm8CAwEAAaOBsjCBrzAPBgNVHRMB > > Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw > > VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZ > > LjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E > > FgQUSBnnkm+SnTRjmcDwmcjWpYyMf2UwDQYJKoZIhvcNAQEFBQADggEBADuswa8C > > 0hunHp17KJQ0WwNRQCp8f/u4L8Hz/TiGfybnaMXgn0sKI8Xe79iGE91M7vrzh0Gt > > ap0GLShkiqHGsHkIxBcVMFbEQ1VS63XhTeg36cWQ1EjOHmu+8tQe0oZuwFsYYdfs > > n4EZcpspiep9LFc/hu4FE8SsY6MiasHR2Ay97UsC9A3S7ZaoHfdwyhtcINXCu2lX > > W0Gpi3vzWRvwqgua6dm2WVKJfvPfmS1mAP0YmTcIwjdiNXiU6sSsJEoNlTR9zCoo > > 4oKQ8wVoWZpbuPZb5geszhS7YsABUPIAAfF1YQCiMULtpa6HFzzm7sdf72N3HfwE > > aQNg95KnKGrrDUI= > > -----END CERTIFICATE----- > > > > Below are all instructions stated for this place which I have follwed: > > > > Installation Instructions > > For Microsoft Browsers > > > > 1.Click on the "Secure Site Trial Root Certificate" link above. > > 2.Save the certificate into a file with a .cer extension. > > 3.Open a Microsoft IE Browser. > > 4.Go to Tools > Internet Options > Content > Certificates > > 5.Click Import. A certificate manager Import Wizard will appear. Click > Next. > > 6.Browse to the location of the recently stored root (done in step 2). > Select ALL files for file type. > > 7.Select the certificate and click Open. > > 8.Click Next. > > 9.Select "Automatically select the certificate store based on the type of > the certificate". Click Ok. > > 10.Click Next then Finish. > > 11.When prompted and asked if you wish to add the following certificate > to the root store, click Yes. > > > > For last step I was not asked to add trial certificate to the root store. > > > > > > I did not do below steps(stated from Tomcat documentation), because these > ones require keystore file: > > > > "Import the Chain Certificate into your keystore > > > > keytool -import -alias root -keystore <your_keystore_filename> \ > > -trustcacerts -file <filename_of_the_chain_certificate> > > > > > > And finally import your new Certificate > > > > keytool -import -alias tomcat -keystore <your_keystore_filename> \ > > -file <your_certificate_filename>" > > > > > > > > 6.- Restart tomcat: It did not generate any error, but when I open IE > with link https://localhost:8443/ > > appears below message: > > > > There is a problem with the security certificate for this site > > Go to this website (not recommended). > > > > When I clicked on this message (Go to this website (not recommended), it > is showed Tomcat page but in the IE's toolbar > > indicates "Certificate Error". My question here is how do I disappear > this annoying indication?. > > > > Use the server name you got the certificate for in the link instead of > localhost. > > > > > Regards > > > > ----- Original Message ----- > > From: "Christopher Schultz" <ch...@christopherschultz.net> > > To: "Tomcat Users List" <users@tomcat.apache.org> > > Sent: Friday, October 26, 2012 2:29:28 PM > > Subject: Re: Implementing SSL and error invocating https://localhost:8443/(Tomcat 7.0 on Windows 7) > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Gabriel, > > > > On 10/26/12 11:57 AM, Gabriel Huerta Araujo wrote: > > > Regarding password I run keytool indicating my password which is > > > the same as the indicated in my connector section: > > > > > > keytool -list -keystore .keystore -storepass x_men_gha Tipo de > > > almacén de claves: JKS Proveedor de almacén de claves: SUN > > > > > > Su almacén de claves contiene 2 entradas > > > > > > root, 24/10/2012, trustedCertEntry, Huella digital de certificado > > > (MD5): E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 tomcat, > > > 24/10/2012, trustedCertEntry, Huella digital de certificado (MD5): > > > E2:FF:EB:EF:B5:FA:85:2F:B4:85:FC:1B:1E:0E:94:37 > > > > I don't usually use keystores... do the "root" and "tomcat" strings in > > there indicate the "alias" for each entry? > > > > Hmm... when I create a keystore like this: > > > > $ keytool -genkey -alias tomcat -keyalg RSA > > > > $ keytool -list > > Keystore type: JKS > > Keystore provider: SUN > > > > Your keystore contains 1 entry > > > > tomcat, Oct 26, 2012, PrivateKeyEntry, > > Certificate fingerprint (SHA1): > > C1:8A:4F:EF:80:AB:41:8E:10:B4:98:6B:C4:EE:58:7E:7A:F2:8C:A8 > > > > Note the "PrivateKeyEntry" in there: you need to have the > > certificate's private key available in order to unlock the > > certificate. Can you try re-creating your keystore and posting all the > > commands you use? > > > > - -chris > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > > Comment: GPGTools - http://gpgtools.org > > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > > > iEYEARECAAYFAlCK5JgACgkQ9CaO5/Lv0PB43gCgusGt82p+037mjGlwk0UsFtQ9 > > cBoAmwZrEYkIXxNjW7MF/Mqk9raXdhyB > > =9CMe > > -----END PGP SIGNATURE----- > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
