Hello,

My server.conf for ssl connector looks as follows:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keyAlias="someAlias"
               keystoreFile="/etc/tomcat/ssl/keystoreFile"
               keystorePass="SomeSecretPassword" />

All files connected with SSL, including the key store file, are located in
the /etc/tomcat/ssl/ directory.

"sec_error_bad_signature" is shown when I open the website in a web browser
(Firefox).

Thank you in advance for your help.

Best Regards
--
Piotr Pawlowski


On 28 June 2011 17:14, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Piotr,
>
> On 6/28/2011 9:28 AM, Piotr Pawlowski wrote:
> > Since yesterday I have been trying to install a certificate under
> > Tomcat (7.0.16) without luck.
>
> Which <Connector>? SSL configuration is different when using APR's SSL
> engine.
>
> > I received from my client three files: wildcard certificate (cert.crt),
> > key file (cert.key) and something that is not quite clear to me -
> > cabundle.pem.
>
> That's the Certificate Authority's (CA) bundle file, including all
> public certs that the (web) client might need in order to build a chain
> of trust from the built-in root certs shipping with the browser to the
> certificate issued to your (business) client. It's in PEM format
> (http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT).
>
> > I've successfully used some java script (
> > http://www.startux.de/images/phocadownload/importkey.java ) which
> > imports key and cert to one keystore file
>
> You could also use keytool, which comes with the JRE and which fits that
> exact purpose. The above is not java script (whatever that is), it's
> just Java.
>
> > [I] configured server.xml to use it
>
> How?
>
> > but now I receive error "sec_error_bad_signature".
>
> Client side or server side?
>
> > I am not sure if I did it correctly.
>
> So, tell us what you did and maybe we can find the problem: what does
> your <Connector> definition look like in conf/server.xml? Remember to
> remove any passwords from it before you post. Also, give us the paths to
> all files you have on the disk to support the SSL configuration (key
> store, cert store, etc.).
>
> > Does anybody know how to correctly use an existing wildcard cert, key
> > file and this cabundle.pem together with Tomcat 7.0.16?
>
> I haven't used a wildcard cert before, but I suspect that the
> configuration is identical to that of a non-wildcard cert, since it's
> the (web) client that decides whether or not the cert is valid, not the
> server.
>
> -chris
>
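
Checks that can be run on the three files named in this thread before a keystore is built from them, as an added example that is not part of either message. It assumes OpenSSL is installed, cert.key is an unencrypted PEM key, and the keystore password is exported as KEYSTORE_PASS; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. File names (cert.crt, cert.key,
# cabundle.pem) and the alias follow the thread; function names are hypothetical.
# Assumes an unencrypted PEM key and the keystore password in $KEYSTORE_PASS.

# True when the private key and the certificate hold the same public key.
key_matches_cert() {    # key_matches_cert cert.crt cert.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate's signature chains to a certificate in the bundle.
# -partial_chain accepts a bundle that stops at an intermediate CA.
chain_verifies() {      # chain_verifies cert.crt cabundle.pem
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Pack key, certificate and CA bundle into one PKCS#12 keystore entry.
# The password is read from the environment so it never appears in argv.
build_keystore() {      # build_keystore cert.crt cert.key cabundle.pem alias out.p12
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -name "$4" -out "$5" -passout env:KEYSTORE_PASS
}

# Number of certificates stored in the keystore (leaf plus bundle).
keystore_cert_count() { # keystore_cert_count out.p12
    openssl pkcs12 -in "$1" -nokeys -passin env:KEYSTORE_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Run the checks in order and stop at the first one that fails.
check_and_build() {     # check_and_build cert.crt cert.key cabundle.pem out.p12
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    chain_verifies "$1" "$3"   || { echo "certificate does not verify against bundle" >&2; return 1; }
    ( umask 077; build_keystore "$1" "$2" "$3" someAlias "$4" ) || return 1
    echo "keystore $4 holds $(keystore_cert_count "$4") certificate(s)"
}

if [ "$#" -eq 4 ]; then check_and_build "$@"; fi
```

The resulting file can be referenced from keystoreFile with keystoreType="PKCS12" on the Connector, or converted to a JKS keystore with keytool -importkeystore.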
