Tomcat Server/Client Self-Signed SSL Certificate


I have an Apache Tomcat 6.x server running with a self-signed SSL certificate. I want to present client certificates to the server so that I can authenticate them against a user database. I have all of this working on an example I found online, but that example ships with canned certificates and a ready-made JKS keystore. I want to create my own keystore but have had no luck.

How do I create a keystore for Tomcat?
How do I create a self-signed certificate for Tomcat?

How do I create a self-signed certificate for the client?
How do I make Tomcat trust the client's certificate?

I have been playing with the Java keytool for several hours now. Finally my problem is solved, so I will post the result here if

Thanks to Michael Martin I found out that:

By default keytool uses the DSA algorithm when it generates self-signed certificates. Earlier versions of Firefox accepted these keys without any issues. Firefox 3 Beta 5 does not accept DSA, but passing "-keyalg RSA" when creating the self-signed certificate works fine with Firefox 3 Beta 5.

I just set that flag, cleared all the caches in Firefox and it worked like magic! I am using this as a test setup for my project and need to share it with others, so I wrote a small batch file that creates two SSL certificates: one that can be dropped into a Tomcat setup and a second one, a .p12 file, that can be imported into Firefox/IE. Thanks!

Usage: The first command line argument is the username of the client. All passwords are "password" (no quotes). Change any of the hard-coded bits to meet your needs.

  @echo off
  if "%1" == "" goto usage
  rem Server key pair with a self-signed certificate (RSA, so Firefox 3 accepts it)
  keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keystore server.jks -storepass password -keypass password
  rem Client key pair in a PKCS12 file that the browser can import
  keytool -genkeypair -alias %1 -keystore %1.p12 -storetype PKCS12 -keyalg RSA -dname "CN=%1,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
  rem Export the client certificate and add it to the server keystore as a trusted certificate
  keytool -exportcert -alias %1 -file %1.cer -keystore %1.p12 -storetype PKCS12 -storepass password
  keytool -importcert -keystore server.jks -alias %1 -file %1.cer -v -trustcacerts -noprompt -storepass password
  keytool -list -v -keystore server.jks -storepass password
  del %1.cer
  goto end
  :usage
  echo Need user id as first argument: generate_keystore [username]
  goto end
  :end
  pause

The result is two files: server.jks, which you drop into Tomcat, and another file called %1.p12 (where %1 is the username) that you import into your browser. The client certificate has been added to the server.jks file as a trusted certificate.

I hope someone finds it useful.

And here is the XML you can use for testing in your conf/server.xml (Tomcat 6.x only):

  <Connector clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
             enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${catalina.home}/conf/server.jks" keystoreType="JKS" keystorePass="password"
             truststoreFile="${catalina.home}/conf/server.jks" truststoreType="JKS" truststorePass="password"
             SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"/>

Tomcat 7:

  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" SSLEnabled="true"
             maxThreads="200" scheme="https" secure="true"
             keystoreFile="${catalina.base}/conf/server.jks" keystorePass="password"
             clientAuth="false" sslProtocol="TLS"/>

