to re-iterate the doc from IBM at
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_cekeen.html
"The keystore file is a key database file that contains both public keys
(Public keys are stored as signer certificates) and
private keys (private keys are stored in the personal certificates.)"
M-
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "Lisa Tan" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Saturday, August 11, 2007 6:23 PM
Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS
After following the docs to generate self-signed pkcs12 key, I failed to
import the key/certificate into my application with No password given for
keystore, integrity will not be verified. What does the reason cause this
error?
I read some docs which ask to create an empty Java keystore and convert
PEM formatted key to PKCS8 format. Why do I need to create an empty
keystore?
Thanks,
Lisa
---- Original message ----
Date: Fri, 10 Aug 2007 18:25:56 -0700
From: "Bill Barker" <[EMAIL PROTECTED]>
Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS
To: users@tomcat.apache.org
"Lisa Tan" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I don't know if this is a right list to ask this question. I tried to
configure shibboleth which uses Tomcat with CAS authentication. I
received
an error: Unable to validate ProxyTicketValidator
I did google search on this topic and understood the reason causing this
problem is Tomcat JVM doesn't trust the SSL cert of the CAS server.
Since
I
am still in the testing stage, I can't get a CA certificate but the
self-signed certificate.
If my understanding is correct, the self signed certificate via openssl
doesn't have jks format but Tomcat JVM only accept jks format
certificate.
If you had read the friendly manual at
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know
that
this isn't true :). While it talks about the keystore, the truststore
works
the same way. So use openssl to create a pkcs12 file, specify this as the
truststore, in whatever way you need to do from the CAS docs, and you
should
be good to go.
I am just wondering if any one can give me some instruction how to
create
a
self-signed certificate and private key which can be used or imported to
both Tomcat JVM and CAS server.
Thanks,
Lisa
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
