Still seeking help on client-cert
I've posted a couple of times on this subject and, at the risk of becoming
annoying, I am still struggling with getting the client cert authorization
working with Tomcat 5. My gut feeling is I'm erring in the certificate
requests.
I have now set up a win2k server box as a standalone CA from which I can
request certificates. Here are the certificates I created today:
C:\JBuilder9\jdk1.4\bin>keytool -genkey -alias tomcat2 -keyalg RSA -keystore
serverKeyStore.jks
Enter keystore password: changeit
What is your first and last name?
[Unknown]: Wellfound
What is the name of your organizational unit?
[Unknown]: Wellfound
What is the name of your organization?
[Unknown]: Wellfound
What is the name of your City or Locality?
[Unknown]: Marietta
What is the name of your State or Province?
[Unknown]: Georgia
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Wellfound, OU=Wellfound, O=Wellfound, L=Marietta, ST=Georgia, C=US
correct?
[no]: yes
Enter key password for <tomcat2>
(RETURN if same as keystore password):
C:\JBuilder9\jdk1.4\bin>keytool -certreq -keyalg RSA -alias tomcat2 -file
servercertReq.csr -keyStore serverKeyStore.jks
Enter keystore password: changeit
C:\JBuilder9\jdk1.4\bin>cd..
C:\JBuilder9\jdk1.4\jre>cd lib\security
C:\JBuilder9\jdk1.4\jre\lib\security>keytool -genkey -alias omni -keyalg RSA
-keystore cacerts.jks
Enter keystore password: changeit
What is your first and last name?
[Unknown]: Omni
What is the name of your organizational unit?
[Unknown]: SanteFe
What is the name of your organization?
[Unknown]: Omniconnect
What is the name of your City or Locality?
[Unknown]: Atlanta
What is the name of your State or Province?
[Unknown]: Georgia
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Omni, OU=SanteFe, O=Omniconnect, L=Atlanta, ST=Georgia, C=US correct?
[no]: yes
Enter key password for <omni>
(RETURN if same as keystore password):
C:\JBuilder9\jdk1.4\jre\lib\security>keytool -certreq -keyalg RSA -alias
omni -file omnicertReq.csr -keyStore cacerts.jks
Enter keystore password: changeit
C:\JBuilder9\jdk1.4\jre\lib\security>
I then copied and pasted the full code from the certreq files into
the form on the CA request. After I issued the certs, I was given two
choices to download - the cert and the path - I downloaded both. I then
installed all certificates in the browser and in my serverTrustStore, I have
a cert signed by the CA and issued to the server. In the p7b file there are
two certificates and one looks like it might be the root, but I can't figure
out how to put that into my trustedstore file???
In my cacerts.jks in the jre, I have the certificate signed by the CA.
Tomcat debug trace shows a bad certificate error.
Does anyone have any suggestions? I'll be happy to provide any additional
information requested.
Thanks,
Tom Boyce
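
The step asked about above, getting the root certificate out of the .p7b chain file and into a trust store, as an added example that is not part of the original post. It is written for a current JDK; the class name, the command-line file names and the `ca-root-` alias prefix are assumptions made for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

// Added example. Usage (file names are placeholders):
//   java ImportRootFromP7b chain.p7b serverTrustStore.jks changeit
public class ImportRootFromP7b {
    public static void main(String[] args) throws Exception {
        String p7bPath = args[0];
        File storeFile = new File(args[1]);
        char[] password = args[2].toCharArray();

        // The "X.509" CertificateFactory also parses PKCS#7 (.p7b) bundles
        // and returns every certificate they contain.
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(p7bPath)) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }

        // Open the existing trust store, or start an empty one if the file is absent.
        KeyStore trust = KeyStore.getInstance("JKS");
        if (storeFile.exists()) {
            try (InputStream in = new FileInputStream(storeFile)) {
                trust.load(in, password);
            }
        } else {
            trust.load(null, password);
        }

        int added = 0;
        for (Certificate cert : certs) {
            X509Certificate c = (X509Certificate) cert;
            System.out.println("subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal());
            // A root is self-issued: subject equals issuer ...
            if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) continue;
            // ... and its signature verifies under its own public key (throws otherwise).
            c.verify(c.getPublicKey());
            trust.setCertificateEntry("ca-root-" + added++, c); // trusted-cert entry, no private key
        }
        if (added == 0) throw new IllegalStateException("no self-signed root found in " + p7bPath);

        try (OutputStream out = new FileOutputStream(storeFile)) {
            trust.store(out, password);
        }
        System.out.println("imported " + added + " root certificate(s) into " + storeFile);
    }
}
```

The printed subject and issuer lines show which of the certificates in the bundle is the root; only that one is written to the trust store as a trusted-certificate entry.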