Hello,

My server.conf for ssl connector looks as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="someAlias"
           keystoreFile="/etc/tomcat/ssl/keystoreFile"
           keystorePass="SomeSecretPassword" />

All files connected with SSL, including key store file, are located in the /etc/tomcat/ssl/ directory.

"sec_error_bad_signature" is visible when I enter the website from a web browser (FireFox).

Thank you in advance for your help.

Best Regards
--
Piotr Pawlowski

On 28 June 2011 17:14, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Piotr,
>
> On 6/28/2011 9:28 AM, Piotr Pawlowski wrote:
> > Since yesterday I am trying to install certificate under Tomcat
> > (7.0.16) without luck.
>
> Which <Connector>? SSL configuration is different when using APR's SSL
> engine.
>
> > I received from my client three files: wildcard certificate (cert.crt),
> > key file (cert.key) and something what is not quite clear for me -
> > cabundle.pem.
>
> That's the Certificate Authority's (CA) bundle file, including all
> public certs that the (web) client might need in order to build a chain
> of trust from the built-in root certs shipping with the browser to the
> certificate issued to your (business) client. It's in PEM format
> (http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT).
>
> > I've successfully used some java script (
> > http://www.startux.de/images/phocadownload/importkey.java ) which
> > imports key and cert to one keystore file
>
> You could also use keytool, which comes with the JRE and which fits that
> exact purpose. The above is not java script (whatever that is), it's
> just Java.
>
> > [I] configured server.xml to use it
>
> How?
>
> > but now I receive error "sec_error_bad_signature".
>
> Client side or server side?
>
> > I am not sure if I did it correctly.
>
> So, tell us what you did and maybe we can find the problem: what does
> your <Connector> definition look like in conf/server.xml? Remember to
> remove any passwords from it before you post. Also, give us the paths to
> all files you have on the disk to support the SSL configuration (key
> store, cert store, etc.).
>
> > Does anybody know how to correctly use existing wildcard cert, key
> > file and this cabundle.pem together with Tomcat 7.0.16 ?
>
> I haven't used a wildcard cert before, but I suspect that the
> configuration is identical to that of a non-wildcard cert, since it's
> the (web) client that decides whether or not the cert is valid, not the
> server.
>
> -chris
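
The keystore preparation discussed in this thread, as an added example that is not part of the original messages: it checks that cert.key belongs to cert.crt and that cert.crt verifies against cabundle.pem before packing all three into a PKCS#12 file for keytool to import. The function names and the KS_PASS environment variable are hypothetical; it assumes an unencrypted PEM private key and OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread; the
# function names and the KS_PASS variable are hypothetical.
# Assumes an unencrypted PEM key and OpenSSL 1.0.2+ (for -partial_chain).

# True when the private key ($2) belongs to the certificate ($1):
# both must yield the same PEM-encoded public key.
key_matches_cert() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True when OpenSSL can verify the certificate ($1) with the CAs in the
# bundle ($2). -partial_chain lets an intermediate in the bundle act as the
# trust anchor, so the bundle does not need to contain the root.
cert_signed_by_bundle() {
    openssl verify -partial_chain -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Pack certificate, key and CA chain into a PKCS#12 file, refusing to do so
# when either check fails. The export password comes from $KS_PASS rather
# than the command line, so it does not show up in the process list.
# usage: make_pkcs12 cert.crt cert.key cabundle.pem out.p12 someAlias
make_pkcs12() {
    key_matches_cert "$1" "$2" ||
        { echo "private key $2 does not match $1" >&2; return 1; }
    cert_signed_by_bundle "$1" "$3" ||
        { echo "$1 does not verify against $3" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -name "$5" -out "$4" -passout env:KS_PASS
}

# Convert to the keystore named in the <Connector> (keytool prompts for the
# passwords):
#   keytool -importkeystore -srckeystore out.p12 -srcstoretype PKCS12 \
#           -destkeystore /etc/tomcat/ssl/keystoreFile

# Run the whole thing when called with five arguments.
if [ "$#" -eq 5 ]; then
    make_pkcs12 "$@"
fi
```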