SSL certificate Import problem
sriram purushothaman
sp_bits at yahoo.com
Tue Jul 3 04:21:45 EDT 2007
Scott,
In my tomcat's server.xml, I have added the keystoreFile as
''keystoreFile="D:/bea/jdk142_05/jre/lib/security/cacerts"'.
After this change, if i point my IE to https://localhost:8443/cas/login , i get "Page cannot be displayed".
I am not getting the dialog box prompt with Yes/No/Cancel.
I used "localhost" as first-name and last-name while creating the certificate.
<Connector port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="D:/bea/jdk142_05/jre/lib/security/cacerts" />
Thanks
Scott Battaglia <scott.battaglia at gmail.com> wrote: You need to delete it from BEA's cacerts file. So append the keystore to the delete command. The file doesn't matter as once its imported into the keystore the file is no longer relevant.
-Scott
On 6/29/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
%JAVA_HOME%\bin\keytool -delete -alias tomcat -keypass changeit
In this above command, where should i mention the old "server.crt"
or is just executing the above command is enough?
Because i run these 4 commands anyway and still get the error.
keytool -delete -alias tomcat -keypass changeit
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
keytool -export -alias tomcat -keypass changeit -file
server3.crt
keytool -import -file server3.crt -keypass changeit -keystore D:/bea/jdk142_05/jre/lib/security/cacerts
Thanks
Scott Battaglia <scott.battaglia at gmail.com> wrote:
You'll need to delete your old certificate first using something like the following (though it will need to be changed for your environment):
%JAVA_HOME%\bin\keytool -delete -alias tomcat -keypass
changeit
-Scott
On 6/29/07, sriram purushothaman < sp_bits at yahoo.com> wrote:
Hi
I am following this URL to generate the SSL certificate to be used with CAS.
http://www.ja-sig.org/wiki/display/CAS/Solving+SSL+issues
I got a server.crt and it is in "D:\bea\jdk142_05\bin". This certificate is added to my cacerts in "D:\bea\jdk142_05\jre\lib\security"
I wrongly gave my name "Sriram Purushothaman" for the "first name and last name" question.
Now, i am trying to generate a new certificate using "localhost" as "first name and last name" and retaining the same answer for other questions.
I have deleted the earlier "server.crt" and my attempt to import the new "server3.crt" is failing because of this below exception
> keytool -import -file server3.crt -keypass changeit -keystore D:/bea/jdk142_05/jre/lib/security/cacerts
> Enter keystore password: changeit
> keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists
Can you please help?
Thanks
---------------------------------
Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia _______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
---------------------------------
Expecting? Get great news right away with email Auto-Check.
Try the Yahoo! Mail Beta.
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia _______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
---------------------------------
Park yourself in front of a world of choices in alternative vehicles.
Visit the Yahoo! Auto Green Center.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070703/f79bab96/attachment.html
More information about the cas
mailing list