Ori,

On 5/22/15 10:03 AM, Ori Raz wrote:
> Thank you Christopher for your reply.
> 
> I always make a backup before changes :) luckily :)
> 
> I reverted back and tried without deleting the entries and getting
> this:
> 
> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/install/utils/sslgen/prime.keystore
> Enter keystore password:
> keytool error: java.lang.Exception: Public keys in reply and keystore don't match
> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
> Enter keystore password:
> keytool error: java.lang.Exception: Certificate not imported, alias <tomcat> already exists
> primeusr@sagi-vzadik-01 [~]#
> 
> 
> Regarding the import you wrote -
> $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore ${HOSTNAME}.jks
> 
> Isn't that this one, or am I missing something:
> keytool -importcert -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias tomcat

I'll have a look at that later when I have more time.

> As mentioned, catalina-<date>.log is empty... I cannot see any
> other relevant logs (if you can point me to another log, please do :) )
> 
> 
> If I try to connect to SSL locally, then with the original
> certificate it works, but with the new one - here is the output:
> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 10.56.57.65:8443
> CONNECTED(00000003)
> 4954:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 127.0.0.1:8443
> CONNECTED(00000003)
> 5050:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:

Try using the -tls1 flag for s_client (or -tls1_1, or -tls1_2), since
ssl3 is dead and the handshake won't even work anymore.

-chris