Thank you Christopher. Appreciate all your help. Please let me know if any additional info is required for the issue. Regarding the ssl connection, if I use with and without the -tls1 flag with the original certificate then in both cases it works fine. After doing the steps I mentioned initially, both are not working.
Thanks,
Barc

On Fri, May 22, 2015 at 7:13 PM, Christopher Schultz <[email protected]> wrote:

> Ori,
>
> On 5/22/15 10:03 AM, Ori Raz wrote:
> > Thank you Christopher for your reply.
> >
> > I always make a backup before changes :) luckily :)
> >
> > I reverted back and tried without deleting the entries and getting
> > this:
> >
> > primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/install/utils/sslgen/prime.keystore
> > Enter keystore password:
> > keytool error: java.lang.Exception: Public keys in reply and keystore don't match
> > primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
> > Enter keystore password:
> > keytool error: java.lang.Exception: Certificate not imported, alias <tomcat> already exists
> > primeusr@sagi-vzadik-01 [~]#
> >
> > Regarding the import you wrote -
> > $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore ${HOSTNAME}.jks
> >
> > Isn't that this one or am I missing something:
> > keytool -importcert -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias tomcat
>
> I'll have a look at that later when I have more time.
>
> > as mentioned, catalina-<date>.log is empty... I cannot see any
> > other relevant logs (if you can point me to other log - please do :)
> > )
> >
> > If I try to connect to ssl locally, then with the original
> > certificate it works, but with the new one - here is the output:
> > primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 10.56.57.65:8443
> > CONNECTED(00000003)
> > 4954:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
> > primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 127.0.0.1:8443
> > CONNECTED(00000003)
> > 5050:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
>
> Try using the -tls1 flag for s_client (or -tls1_1, or -tls1_2), since
> ssl3 is dead and the handshake won't even work anymore.
>
> -chris
