-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ori,

On 5/27/15 3:29 AM, Ori Raz wrote:
> Hi Christopher, We are still not capable to apply our self
> certifications...
> 
> Is there any document/guide (even a scratch notes you might have :)
> ) for a walkthrough for the whole procedure (e.g A-Z from creating
> the certifications and applying them)? We decided to start the
> procedure from scratch...
> 
> I can see only some hints in forums but no organized document or 
> procedure...

What about this one?
http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html#Quick_Start

- -chris

> On Sat, May 23, 2015 at 10:22 AM, Ori Raz <fcb...@gmail.com>
> wrote:
> 
>> Thank you Christopher. Appreciate all your help. Please let me
>> know if any additional info is required for the issue. Regarding
>> the ssl connection, if I use with and without the -tls1 flag with
>> the original certificate then in both cases it works fine. After
>> doing the steps I mentioned initially, both are not working.
>> 
>> Thanks, Barc
>> 
>> On Fri, May 22, 2015 at 7:13 PM, Christopher Schultz < 
>> ch...@christopherschultz.net> wrote:
>> 
> Ori,
> 
> On 5/22/15 10:03 AM, Ori Raz wrote:
>>>>> Thank you Christopher for your reply.
>>>>> 
>>>>> I always make a backup before changes :) luckily :)
>>>>> 
>>>>> I reverted back and tried without deleting the entries and
>>>>> getting this:
>>>>> 
>>>>> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/install/utils/sslgen/prime.keystore
>>>>> Enter keystore password:
>>>>> keytool error: java.lang.Exception: Public keys in reply and keystore don't match
>>>>> primeusr@sagi-vzadik-01 [~]# keytool -import -trustcacerts -alias tomcat -file /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer -keystore /opt/primecentral/XMP_Platform/jre/lib/security/cacerts
>>>>> Enter keystore password:
>>>>> keytool error: java.lang.Exception: Certificate not imported, alias <tomcat> already exists
>>>>> primeusr@sagi-vzadik-01 [~]#
>>>>> 
>>>>> 
>>>>> Regarding the import you wrote - $ keytool -import -alias
>>>>> ${HOSTNAME} -file ${HOSTNAME}.crt -keystore ${HOSTNAME}.jks
>>>>>
>>>>> Isn't that this one or am I missing something: keytool
>>>>> -importcert -file
>>>>> /opt/primecentral/SHARED/certificate/vlg-cipr-pcpil1.megafon.ru.cer
>>>>> -keystore /opt/primecentral/install/utils/sslgen/prime.keystore -alias
>>>>> tomcat
> 
> I'll have a look at that later when I have more time.
> 
>>>>> as mentioned, catalina-<date>.log is empty... I cannot see
>>>>> any other relevant logs (if you can point me to other log
>>>>> -please do :) )
>>>>> 
>>>>> 
>>>>> If I try to connect to ssl locally, then with the original
>>>>> certificate it works, but with the new one - here is the
>>>>> output:
>>>>> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 10.56.57.65:8443
>>>>> CONNECTED(00000003)
>>>>> 4954:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
>>>>> primeusr@sagi-vzadik-01 [~]# openssl s_client -connect 127.0.0.1:8443
>>>>> CONNECTED(00000003)
>>>>> 5050:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
> 
> Try using the -tls1 flag for s_client (or -tls1_1, or -tls1_2),
> since ssl3 is dead and the handshake won't even work anymore.
> 
> -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
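
Added example, not part of the thread and not from either poster: keytool reports "Public keys in reply and keystore don't match" when the certificate imported under an existing key alias was not issued for that alias's key pair, and this script checks that before the import. It assumes a PEM-encoded certificate file and a store password in an environment variable named KS_PASS; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the public key inside a CA-issued certificate with
# the public key already stored under a keystore alias, before importing.

# SHA-256 of the DER-encoded SubjectPublicKeyInfo of a PEM certificate on stdin.
pubkey_fp() {
    openssl x509 -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the public key in a PEM certificate file.
cert_fp() {
    pubkey_fp < "$1"
}

# Fingerprint of the public key of the certificate stored under an alias.
# $1 = keystore path, $2 = alias. The store password is taken from the
# KS_PASS environment variable (assumed name) so it stays off the command line.
keystore_fp() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1" \
        -storepass:env KS_PASS | pubkey_fp
}

# True only when both fingerprints are non-empty and identical.
same_key() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: check_reply <cert.pem> <keystore> <alias>
check_reply() {
    if same_key "$(cert_fp "$1")" "$(keystore_fp "$2" "$3")"; then
        echo "match: certificate was issued for the key pair under alias $3"
    else
        echo "MISMATCH: certificate was issued for a different key pair" >&2
        return 1
    fi
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_reply "$@"
fi
```

A mismatch here means the CSR sent to the CA was generated from a different keystore or alias than the one being imported into.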
