LINUX.ORG.RU
ФорумAdmin

tomcat standalone SSL


0

0

Не получается запустить SSL со своим сертификатом, который подписан своим же CA.

делаю как написано, всё кроме 7-ого шага. не понимаю зачем он нужен у меня же не самоподписанный сертификат> В результате у меня в .keystore получается два сертификата, один от моего CA а второй для сервера на котором работает томкат . tomcat5.5 java 1.5

Ошибка в логе catalina.out SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. SETTING UP YOUR WEB SERVER ----------------------------------------------------

Step 7. Create a keystore for your web server. keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ssl/server/server.ks -storetype JKS

Step 8. Create a certificate request for your web server. keytool -certreq -keyalg RSA -alias tomcat -file ssl/server/server.csr -keystore ssl/server/server.ks You need to edit the certificate request file slightly. Open it up in a text editor and amend the text which reads "NEW CERTIFICATE REQUEST" to "CERTIFICATE REQUEST"

Step 9. Have your CA sign your certificate request: openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/server/server.csr -out ssl/server/server.crt -days 365

Step 10. Import your signed server certificate into your server keystore: keytool -import -alias tomcat -keystore ssl/server/server.ks -trustcacerts -file ssl/server/server.crt You should see a message "Certificate reply was installed in keystore".

Step 11. Import your CA certificate into your server keystore: keytool -import -alias my_ca -keystore ssl/server/server.ks -trustcacerts -file ssl/ca/ca.pem This step is only necessary if you wish to use SSL client authentication with Tomcat.

Step 12. Set up an SSL connector for Tomcat. I assume that you know, or can find out, how to do this. Open up conf/server.xml in a text editor and search for the text "keystoreFile". Ensure that the attribute value is the keystore you've created above.

anonymous

Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.