Hi ,I had tried that was y also.. now i m able to get the SSL working with the thawte trial SSL certificate. but not with the Verisign yet. i dono why. Even after this importing the CA Certificate. i m getting the alert for non-Secure items. So is that the reason that i dont have the paid SSL certificate. or even the trail cert from thawte would behave as same as the paid one.
Thanks, Bhuvan P On Sun, Mar 15, 2009 at 4:24 AM, Bill Barker <wbar...@wilshire.com> wrote: > > "Bhuvanesh Pattanashetti" <bhuva...@gmail.com> wrote in message > news:bce69da80903122202i384a040cj66e5089fc14f6...@mail.gmail.com... > > HI All,thanks all for your suggestions. :-) > > > > Here are following some more details. > > > > I m using > > > > - tomcat 6.0, > > - JDK 1.6, > > - no i m not using keystore. > > - I m running on Xp with Spring-DM framework. > > connector is as follows. > > > > <Connector > > port="8443" minSpareThreads="5" maxSpareThreads="75" > > enableLookups="true" disableUploadTimeout="true" > > acceptCount="100" maxThreads="200" > > scheme="https" secure="true" SSLEnabled="true" > > keyAlias="aliasName" > > keystoreFile="KEeySrotePath" keystorePass="password" > > clientAuth="false" sslProtocol="TLS"/> > > > ^ > If you remove the keyAlias from | it will probably just work. > > > I have generated the keystore using keytool. > > Please suggest me further. > > > > > > > > > > > > On Fri, Mar 13, 2009 at 7:51 AM, Bill Barker <wbar...@wilshire.com> > wrote: > > > >> Willing to try and play psychic ;). > >> > >> Procedure 1 is what you want. But the keystore must be the same one > that > >> you used to create the CSR you sent to Verisign. This is by far the > >> second > >> most common mistake that people make when setting up Tomcat to use SSL. > >> As > >> Chuck suggested, check if you are using APR (the SSL configuration > >> options > >> are different, and APR can't use a JKS keystore). This is the most > >> common > >> mistake. Verisign has an intermediate cert as well. You'll likely need > >> to > >> import that as well. And of course, import the Verisign root cert. > >> > >> > >> "Bhuvanesh Pattanashetti" <bhuva...@gmail.com> wrote in message > >> news:bce69da80903120948v7c2f1693md9db7e74e6e3f...@mail.gmail.com... > >> > Hi all, > >> > I m trying to set up the SSL for tomcat server. I wanted to know what > >> > exactly is the procedure. > >> > here is what i have followed. > >> > > >> > Procedure 1. > >> > > >> > 1. Created my own keystore. > >> > 2. Imported the trial certificate (provided by Verisign ) into the > >> > keystore. > >> > 3. Added a ssl connector component in to the conf/server.xml into > >> tomcat > >> > configuration file. > >> > 4. Started the Server, When tried accessing connector port from > >> browser, > >> > I got cannot display the webpage. > >> > 5. > >> > > >> > procedure 2 : > >> > > >> > 1. Created my own keystore. > >> > 2. Imported the trial certificate (provided by Verisign ) into the > >> > keystore. > >> > 3. Imported the trial certificate (provided by Verisign ) into the > >> > cacerts from jre/lib/security/cacerts. > >> > 4. Added a ssl connector component in to the conf/server.xml into > >> tomcat > >> > configuration file mentioning keyAlias pointing to imported > >> > certificate > >> > alias. > >> > 5. Started the Server, at start up i got the folliwing exception > >> > > >> > java.io.IOException: Alias name mykeyalias does not identify a key > >> entry > >> > > >> > I had importing the root certificate or intrmediate certificate first > >> > before > >> > importing trial verisign certificate suggested by tomcat. > >> > But none of the things are working :-( please suggest me. > >> > thanks in advance. > >> > Bhuvan P > >> > > >> > >> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
