Chris,

On 18.12.2012 20:44, Christopher Schultz wrote:
If you are using curl just to check the certificate or test HTTPS,
it is easier and faster to do that with your favorite web browser.

Better yet, use sslscan.

Nice tool, thank you for the tip.


You seem to be confused by the fact that curl and Java are using
different files and different formats for managing CA
certificates.

Nope, curl doesn't care: X509 certificates are exchanged in a standard
way.

Sure, TLS protocol defines certificate exchange regardless of the TLS/HTTPS client. I was actually referring to files (and formats) in which curl and Java clients look for trusted certificates, as elaborated further:

Java is using its own .jks format, while curl uses PEM format.
Java stores system wide trusted CA certificates in file
"$JAVA_HOME/jre/lib/security/cacerts" (where you tried to import
your self signed certificate in step #4), while curl reads them
from file "ca-bundle.crt" (where your certificate is not stored,
hence the error). I believe default location for file ca-bundle.crt
in Red Hat is /etc/pki/tls/certs.

OP tried to import certificate into Java system-wide truststore, while curl looks up at the OpenSSL CA bundle.

-Ognjen
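
Added example, not part of the original message: a small check for whether a given certificate is actually present in the PEM bundle that curl reads (the message names `/etc/pki/tls/certs/ca-bundle.crt` on Red Hat). The function names and the sample data are assumptions made for illustration; the sample "certificates" are constructed placeholder bytes, not real X.509 certificates.

```python
import hashlib
import re
import ssl
import sys

# One PEM certificate block; anything between blocks is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM text.

    CA bundles often carry comment lines between blocks; they are ignored.
    """
    found = []
    for block in PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)  # base64 body -> DER bytes
        found.append(hashlib.sha256(der).hexdigest())
    return found


def cert_in_bundle(bundle_pem, cert_pem):
    """True if the first certificate in cert_pem also appears in bundle_pem."""
    wanted = fingerprints(cert_pem)
    if not wanted:
        raise ValueError("no PEM certificate found in cert_pem")
    return wanted[0] in set(fingerprints(bundle_pem))


# Constructed sample data: placeholder bytes wrapped as PEM, not real certs.
SAMPLE_CA = ssl.DER_cert_to_PEM_cert(b"constructed public CA placeholder")
SAMPLE_SELF_SIGNED = ssl.DER_cert_to_PEM_cert(b"constructed self-signed placeholder")
SAMPLE_BUNDLE = "# constructed bundle comment\n" + SAMPLE_CA

if __name__ == "__main__":
    # With two arguments: <bundle file> <certificate file>, both PEM.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as b, open(sys.argv[2]) as c:
            bundle, cert = b.read(), c.read()
    else:
        bundle, cert = SAMPLE_BUNDLE, SAMPLE_SELF_SIGNED
    print("in bundle" if cert_in_bundle(bundle, cert) else "not in bundle")
```

The Java truststore is a separate file in a different format, so a certificate imported there with keytool will still be reported as missing from the PEM bundle.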
