Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Problems with SSL, certification import problems.

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello there.

I have to deploy a java application under tomcat. I need to have ssl on the server. In fact, the ssl is working properly, the problem is that once i have received the new certificate from a CA (verisign in my case), i am having problems in order to import thar certificate into my keystore.

Yes, i have already google it, but most of the post i have found speak about tomcat misconfiguration, which is not my case, ssl works fine, but onl with the certificate i have created (and, of course, that is not a *secure* certificate, as long as it has not been issued by a CA)

First of all, information :
-All runs under Java 1.4.2
-GNU/Linux system
-Tomcat 5.5
-By now, Tomcat is run by root

Now, i describe the problem:

I created my keystore :

Then, i generated my CSR:


And I send the certreq.csr file to verisign.

Then verisign emailed me the certificate. Here the problem started, it was my fault... The documentation at the spanish site at verisign was not very good, and i wasn't very smart, so after a few problems, i decided to *delete* the keystore and create it again, with the same commands. I think this is the problem.

After that, i imported the root certificate from verisign :



After this step, I list what's in the keystore :



At this point i understand that the root certificate from the CA is properly installed and that my certificate is installed, but i still need to import the one that i have received from verisign...

So, let's import the certificate from verisign:



The translation for the error is :


By having a look at this, i assume that this maybe a problem of have reseted the keystore, am i right?

Well, in any case, the tomcat configuration for ssl is :



The tomcat configuration is correct, as long as i can start tomcat and have a proper ssl connection against the server, the problem here is the certificate (I am still using the certificate that i generated, as long as i can not import the one received from verisign).

Another thing that i tried was to create a new keystore called amandris.com, and then, import on that keystore the root certificate from verisign and the certificate issued for verisign for my web, but if i do that; chaning the tomcat configuration to :



At the moment i restart tomcat, i get this:



Which is pretty funny, because if i list what is in the amandris.com keystore, I get this :



Well, this is the situation, the fact is that i am *despertate* i wonder if verisign will have to send us a new certificate signed... i think that's the problem, and i have sent them a new Certification Sign Request...

Any ideas? Anything will be *very* appreciated.

Thanks in advance
Juan Antonio Gomez Moriano
 
Juan Antonio Gomez Moriano
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello there.

Finally i found the solution. As i expected, a new CSR was to be sended to the CA and signed... after that, i just install the new certificate into my keystore and everything was fine

Moriano
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic