James,

On 1/18/12 12:37 PM, James Lampert wrote:
> So far, I've had complete success using self-signed certificates,
> both here and on the customer box, once I found out that the CN
> needs to match the domain name.

;)

> But now, we're trying to get the customer box up on a CA-signed 
> certificate, and Tomcat doesn't like it. (Given that we haven't
> done it on our own box, it's kind of a case of the blind leading
> the blind.) We had our contact with the customer follow the
> procedure given on
> 
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Importing_the_Certificate
>
> and I put the resulting keystore into service, started Tomcat, and
> got this in logs/catalina.out:
> 
>> SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
>> Throwable occurred: java.io.IOException: Alias name tomcat does not identify a key entry
>>         at

Did you also put your server's key into the keystore?

> If I list the keystore, I get:
>> Keystore type: jks
>>  Keystore provider: IBMJCE
>> 
>> 
>> Your keystore contains 2 entries
>> 
>> 
>> root, Jan 18, 2012, trustedCertEntry,
>> Certificate fingerprint (MD5): D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A
>> tomcat, Jan 18, 2012, trustedCertEntry,
>> Certificate fingerprint (MD5): 55:D7:4D:D4:83:01:D6:E0:EB:A4:F3:9A:06:BD:87:38

It looks like you only have certificates. Did you forget to import the
key into the keystore?

-chris
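
The diagnosis in the message above rests on the entry type shown by `keytool -list`: the error says the alias must identify a key entry, and the listing shows `tomcat` as a `trustedCertEntry`. The check below is an added example, not part of the original message; the function names and sample listings are constructed, and it assumes key entries are reported as `PrivateKeyEntry` (or `keyEntry` by older keytool versions).

```shell
#!/bin/sh
# Added example (not from the original message): check whether the alias Tomcat
# is configured to use is a key entry or only a certificate.
# Both functions read the text of `keytool -list -keystore <file>` on stdin.

# Print the entry type recorded for alias $1 (nothing if the alias is absent).
# Entry lines look like: alias, Mon DD, YYYY, entryType,
# Assumptions: English-style date, and the alias itself contains no comma.
entry_type() {
    awk -F', *' -v want="$1" '$1 == want && $4 ~ /Entry$/ { print $4; exit }'
}

# Return 0 if alias $1 holds a private key, 1 if it does not, 2 if it is missing.
check_server_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry|keyEntry)   # keyEntry: label assumed for older keytool versions
            echo "OK: '$1' is a $kind"; return 0 ;;
        trustedCertEntry)
            echo "FAIL: '$1' is a trustedCertEntry: certificate only, no private key"
            return 1 ;;
        "")
            echo "FAIL: no alias '$1' in this keystore"; return 2 ;;
        *)
            echo "FAIL: '$1' has unexpected entry type '$kind'"; return 1 ;;
    esac
}

# Constructed sample listings (fingerprints are placeholders, not real values).
BAD_LISTING='Your keystore contains 2 entries

root, Jan 18, 2012, trustedCertEntry,
Certificate fingerprint (MD5): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
tomcat, Jan 18, 2012, trustedCertEntry,
Certificate fingerprint (MD5): BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB'

GOOD_LISTING='Your keystore contains 2 entries

root, Jan 18, 2012, trustedCertEntry,
Certificate fingerprint (MD5): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
tomcat, Jan 18, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB'

# Demo on the constructed listings; on a real box, pipe keytool -list output in instead.
printf '%s\n' "$BAD_LISTING"  | check_server_alias tomcat || true
printf '%s\n' "$GOOD_LISTING" | check_server_alias tomcat || true
```

Running the same check before restarting Tomcat catches a keystore that holds only imported certificates, which is the state the quoted listing shows.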
