I wish you would read this email earlier. I thought if I use the default
password (changeit), I don't need to have -storepass parameter. This morning
I re-read extkeytool example and tried to put the storepass parameter and it
works. After I imported my self-signed cert to JVM truststore, CAS client
can trust CAS server.

Thank all of you for providing me all the valuable links and information.

Lisa
-----Original Message-----
From: Morris Jones [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 15, 2007 10:48 AM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS

Sorry I hadn't seen your message earlier when you posted it.  But you 
should create the keystore with a keystore password.  Did you do that?

Cheers,
Mojo

Lisa Tan wrote:
> After following the docs to generate self-signed pkcs12 key, I failed to
> import the key/certificate into my application with No password given for
> keystore, integrity will not be verified. What does the reason cause this
> error?
> 
> I read some docs which ask to create an empty Java keystore and convert
> PEM formatted key to PKCS8 format. Why do I need to create an empty
> keystore?
> 
> Thanks,
> 
> Lisa
> 
> ---- Original message ----
>> Date: Fri, 10 Aug 2007 18:25:56 -0700
>> From: "Bill Barker" <[EMAIL PROTECTED]>  
>> Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS  
>> To: users@tomcat.apache.org
>>
>>
>> "Lisa Tan" <[EMAIL PROTECTED]> wrote in message 
>> news:[EMAIL PROTECTED]
>>> I don't know if this is a right list to ask this question. I tried to
>>> configure shibboleth which uses Tomcat with CAS authentication. I received
>>> an error: Unable to validate ProxyTicketValidator
>>>
>>>
>>>
>>> I did google search on this topic and understood the reason causing this
>>> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since I
>>> am still in the testing stage, I can't get a CA certificate but the
>>> self-signed certificate.
>>>
>>>
>>>
>>> If my understanding is correct, the self signed certificate via openssl
>>> doesn't have jks format but Tomcat JVM only accept jks format certificate.
>>>
>> If you had read the friendly manual at
>> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that
>> this isn't true :).  While it talks about the keystore, the truststore works
>> the same way.  So use openssl to create a pkcs12 file, specify this as the
>> truststore, in whatever way you need to do from the CAS docs, and you should
>> be good to go.
>>>
>>> I am just wondering if any one can give me some instruction how to create a
>>> self-signed certificate and private key which can be used or imported to
>>> both Tomcat JVM and CAS server.
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Lisa
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
> 


-- 
Morris Jones
Monrovia, CA
http://www.whiteoaks.com
Old Town Astronomers http://www.otastro.org

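The fix reported at the top of this thread (passing -storepass explicitly when importing the self-signed certificate), shown as an added example that is not part of the original messages. It writes to a scratch truststore rather than the JVM's own; the host name cas-test.example.org, the alias cas-test and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Host name, alias and file names are
# constructed; "changeit" is the default password mentioned in the thread.
ALIAS=cas-test

# Create a self-signed certificate and an unencrypted private key (PEM).
make_self_signed() {   # $1 = output dir, $2 = server host name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/cas.key" -out "$1/cas.crt" 2>/dev/null
}

# Bundle key + certificate as PKCS12 for the server side.
make_pkcs12() {        # $1 = dir, $2 = export password
    openssl pkcs12 -export -name "$ALIAS" -in "$1/cas.crt" \
        -inkey "$1/cas.key" -out "$1/cas.p12" -passout "pass:$2"
}

# Import only the certificate into a truststore. -storepass is passed
# explicitly even when it is the default value.
import_trusted() {     # $1 = cert, $2 = truststore, $3 = store password
    keytool -importcert -noprompt -alias "$ALIAS" -file "$1" \
        -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Succeeds only if the store opens with this password and holds the alias;
# the store password is what the keystore integrity check is keyed on.
is_trusted() {         # $1 = truststore, $2 = store password
    keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$2" >/dev/null 2>&1
}

# Runs the whole sequence when the script is given the single argument "demo".
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d) &&
    make_self_signed "$dir" cas-test.example.org &&
    make_pkcs12 "$dir" changeit &&
    import_trusted "$dir/cas.crt" "$dir/truststore.jks" changeit &&
    is_trusted "$dir/truststore.jks" changeit && echo "certificate trusted"
    is_trusted "$dir/truststore.jks" wrong-password || echo "wrong password rejected"
    rm -rf "$dir"
fi
```

A client JVM can be pointed at the scratch store with the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties instead of changing the JVM's default truststore.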