On 19.8.2010 22:35, aravidu wrote:
> I created the keystore and truststore too. keystore has a PrivateKeyEntry
> and truststore has a trustedCertEntry.

Are those self-signed certificates?

Could you provide exact commands you used to create them?

I believe you must have one key pair for the server, and one key pair for every client. In other words, at least two key pairs, if you are describing a case where there is only one client. Let those keys be called ServerPublic, ServerPrivate, ClientPublic and ClientPrivate.

You should:

1. generate ServerPublic+ServerPrivate in tomcat.keystore file,
2. generate ClientPublic+ClientPrivate in, say, client.keystore file,
3. import ClientPublic in tomcat.truststore, and
4. import ClientPublic+ClientPrivate (usually in the form of a pkcs12 file) in Firefox ("Your certificates" tab inside certificate manager).
5. import ServerPublic in Firefox

Something like this:

1. keytool -genkeypair -keystore tomcat.keystore ...

2. keytool -genkeypair -keystore client.keystore ...

3a. keytool -exportcert -keystore client.keystore -file client.cert ...
3b. keytool -importcert -keystore server.truststore -file client.cert ...

4a. convert client.keystore to client.pkcs12 (google for that)
4b. Firefox, Tools, Options, Advanced, View Certificates, Your certificates, Import, client.pkcs12

5. Point Firefox to webapp, add security exception.


Regards,
Ognjen
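
Steps 1 to 4a above with the elided options filled in, as an added example that is not part of the original message. The aliases, DNs, key parameters, the `changeit` password and the helper function names are assumptions for a lab setup; the message calls the truststore both tomcat.truststore and server.truststore, and this sketch uses the former. The two check functions confirm what the original question reported: a PrivateKeyEntry in each keystore and only the client's trustedCertEntry in the truststore.

```shell
#!/bin/sh
# Added example: fills in the "..." of steps 1-4a with assumed values.
# Aliases, DNs, key size, validity and the password are lab assumptions.
PASS=changeit   # placeholder password, replace outside a lab

kt() { keytool -J-Duser.language=en "$@"; }   # English output for grep

build_mtls_stores() {   # $1 = output directory
    dir=$1; mkdir -p "$dir" || return 1
    # 1. server key pair -> tomcat.keystore (PrivateKeyEntry)
    kt -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=localhost" -keystore "$dir/tomcat.keystore" \
       -storepass "$PASS" -keypass "$PASS" || return 1
    # 2. client key pair -> client.keystore (PrivateKeyEntry)
    kt -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=client" -storetype JKS -keystore "$dir/client.keystore" \
       -storepass "$PASS" -keypass "$PASS" || return 1
    # 3a/3b. only the client's public certificate goes into the truststore
    kt -exportcert -alias client -rfc -keystore "$dir/client.keystore" \
       -storepass "$PASS" -file "$dir/client.cert" || return 1
    kt -importcert -alias client -noprompt -file "$dir/client.cert" \
       -keystore "$dir/tomcat.truststore" -storepass "$PASS" || return 1
    # 4a. client key pair as PKCS#12 for the browser import in step 4b
    kt -importkeystore -noprompt -srckeystore "$dir/client.keystore" \
       -srcstoretype JKS -srcstorepass "$PASS" \
       -destkeystore "$dir/client.pkcs12" -deststoretype PKCS12 \
       -deststorepass "$PASS" || return 1
}

# Print the entry types found in a store, sorted and de-duplicated.
entry_types() {   # $1 = store file
    kt -list -keystore "$1" -storepass "$PASS" 2>/dev/null |
        grep -oE 'PrivateKeyEntry|trustedCertEntry' | sort -u
}

# Succeeds only if the truststore's "client" entry is the exported client cert.
truststore_has_client() {   # $1 = directory used by build_mtls_stores
    [ "$(kt -exportcert -alias client -rfc -keystore "$1/tomcat.truststore" \
          -storepass "$PASS" 2>/dev/null)" = "$(cat "$1/client.cert")" ]
}

# Stand-alone use: sh script.sh <output-dir>
if [ "$#" -gt 0 ]; then
    build_mtls_stores "$1" && entry_types "$1/tomcat.truststore"
fi
```

If the truststore lists a PrivateKeyEntry, or `truststore_has_client` fails, the wrong file or certificate was imported in step 3b.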
