Importing Thawte signed certificates and root certificates into Tomcat SSL

Posted By:   Yong_Richard
Posted On:   Wednesday, June 18, 2003 07:13 AM

Hi,


I'm working on Tomcat 4.1.24 standalone on the Windows 2000 platform. Currently trying to set up an SSL connection for Tomcat. I have managed to use an https session. However, the only problem is that the client browser will always prompt me to verify the certificate. It will say: "the certificate is not trusted... do you want to continue?" I viewed the certificate and I realised that it is actually my own self-signed cert that is being loaded since the issued by: is from me and not Thawte. Apparently, the signed Thawte certificate did not get imported into Tomcat.



This is the detailed procedure which I have gone through:



1. I used the keytool to generate the study keystore:

keytool -genkey -keyalg RSA -alias tomcat -keystore study.keystore



2. Generated a study CSR: keytool -certreq -alias tomcat -keyalg RSA -file study.csr -keystore study.keystore



3. I went to Thawte website to obtain a test SSL certificate using the a/m study CSR generated.



4. I stored the Thawte signed CSR as a file known as study.cer.



5. At the same time, I also downloaded a copy of Thawte test root certificate and installed it as trusted root certificate in my browser.



6. Next, I performed an import of the signed CSR into the keystore: keytool -import -alias root -trustcacerts -file study.cer -keystore study.keystore



7. I also performed an import of the root cert into the keystore: keytool -import -trustcacerts -alias tomcat -file thawte.cer -keystore study.keystore



8. I started up tomcat and used IE5.0 and the browser asked me to verify my self-signed certificate instead.



Anyone done this before? Please help.



Warmest regards.


Re: Importing Thawte signed certificates and root certificates into Tomcat SSL

Posted By:   Yong_Richard  
Posted On:   Wednesday, June 18, 2003 07:20 PM

Hi,



After one more try at it, I finally got the answer. I realised that I have imported the wrong certs as root and as tomcat alias. The certs for steps 6 & 7 should switch. 1 more mistake that I made was during the cutting and pasting of the certs. I accidentally included a few more lines at the end of the file which triggered an EOF error from Java. The content should strictly end only at the end of certificate line. No more, no less.



Cheers!
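
The two fixes described in the reply above, as an added example that is not part of the original posts: a check that a pasted certificate file has nothing outside its BEGIN/END lines, followed by the imports from steps 6 and 7 with the files switched. The function names are hypothetical, the sample data is constructed, and both .cer files are assumed to be PEM text.

```shell
#!/bin/sh
# Added example, not from the original posts. File names and aliases are the
# poster's; function names are hypothetical; .cer files are assumed to be PEM.

# pem_is_clean FILE: succeed only if FILE is exactly one certificate with no
# line of any kind before the BEGIN marker or after the END marker.
pem_is_clean() {
    awk '
        { sub(/\r$/, "") }                       # tolerate Windows line endings
        /^-----BEGIN CERTIFICATE-----$/ { if (state != 0) bad = 1; state = 1; next }
        /^-----END CERTIFICATE-----$/   { if (state != 1) bad = 1; state = 2; next }
        state != 1 { bad = 1 }                   # anything outside the markers
        END { if (bad || state != 2) exit 1 }
    ' "$1"
}

# import_signed_chain: steps 6 and 7 with the files switched.
# The CA root goes under alias "root" first; the signed certificate then goes
# under "tomcat", the alias that already holds the private key from step 1.
import_signed_chain() {
    ks=study.keystore
    for f in thawte.cer study.cer; do
        pem_is_clean "$f" || { echo "$f: text outside the certificate markers" >&2; return 1; }
    done
    keytool -import -trustcacerts -alias root   -file thawte.cer -keystore "$ks" &&
    keytool -import -trustcacerts -alias tomcat -file study.cer  -keystore "$ks" &&
    # The first certificate of the tomcat entry should now name the CA as
    # issuer instead of repeating the owner (self-signed).
    keytool -list -v -alias tomcat -keystore "$ks"
}

# Constructed sample (not a real certificate) with a pasted line after END,
# the mistake described in the reply. Returns the status of pem_is_clean.
demo_trailing_text() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' 'Thank you for your order' > "$tmp"
    pem_is_clean "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `import_signed_chain` from the directory that holds study.keystore, then restart Tomcat so it reloads the keystore.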