Java Forum / Security / April 2004

Jboss/Tomcat SSL and mozilla

Boris Bralo - 07 Apr 2004 10:27 GMT
Hi all,

I got -12229 Mozilla error code when I try to connect to my web app (after
I accept certificate).
IE, Opera connects OK.
App server is Jboss 3.2.3/Tomcat 4.1 and certificate is generated using
keytool (cmd line was keytool -genkey -keyalg RSA -sigalg
SHA1WithRSA ... )

--
Boris
Duncan Eley - 07 Apr 2004 11:09 GMT
>Hi all,
>
[quoted text clipped - 4 lines]
>keytool ( cmd line was keytool -genkey -keyalg RSA -sigalg
>SHA1WithRSA ... )

Hi Boris,

I just thought I'd let you know that I use Mozilla Firefox with JBoss
3.2.3/Tomcat4.1.29 and everything works ok, so your problem *may* not
be an issue with Mozilla. However, I do generate my key differently to
you: I do not use the -sigalg switch, which defaults to md5RSA. Maybe
this will make a difference?

Have you looked at what the Mozilla error code means? You can find the
meanings here, which may be helpful:
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html

Regards,

Duncan Eley
duncan.eleyREM@VEbcs.org.uk
Boris Bralo - 07 Apr 2004 12:21 GMT
Hi Duncan,

Nope, I can't get it to work. Can you send me the keytool command line you used?

> Hi Boris,
>
[quoted text clipped - 9 lines]
>
> Regards,

Boris
Duncan Eley - 07 Apr 2004 12:59 GMT
>Hi Duncan,
>
>Nope, I can't get it to work. Can you send me the keytool command line you used?

Hi Boris,

Here is my keytool command line:

keytool -genkey -keyalg rsa -keystore myks.ks

However, the certificate may not be the problem; it was just a shot in
the dark, so I will explain my JBoss/Tomcat settings too in case you
have a problem there. The documentation for JBoss is quite shocking so
it wouldn't surprise me!

1. In the file %JBOSS_HOME%\server\default\conf\jboss-service.xml I
have an mbean entry as follows:

<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="Security:service=JaasSecurityDomain,domain=TomcatSSL">
    <depends>jboss.security:service=JaasSecurityManager</depends>
    <constructor>
         <arg type="java.lang.String" value="TomcatSSL" />
    </constructor>
    <attribute name="KeyStoreURL">file://C:\myks.ks</attribute>
    <attribute name="KeyStorePass">myPassword</attribute>
</mbean>

2. In the file
%JBOSS_HOME%\server\default\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml:
Find the HTTP/1.1 connector. The connector has a number of attributes.
I have added a new attribute called redirectPort and given it a value
of 8443. E.g. redirectPort="8443".

3. Underneath that connector in the same file I created a new
connector for port 8443 as follows:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5" maxProcessors="75"
  enableLookups="false"
  acceptCount="100" debug="0" scheme="https" secure="true"
  useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           keystoreFile="C:\myks.ks" keystorePass="myPassword"
           clientAuth="false" protocol="TLS" />
</Connector>

Please note: this is for configuring HTTPS only, not RMI SSL.

HTH,

Duncan Eley
duncan.eleyREM@VEbcs.org.uk
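
Added example, not part of the original thread or of JBoss/Tomcat: a small Python check that the redirectPort set in step 2 actually points at an HTTPS connector like the one in step 3, with a keystore configured. The sample XML is constructed from the post; the `<Service>` wrapper, the HTTP port 8080 and the function name `check_connectors` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors described in the post above.
# The <Service> wrapper and the HTTP connector's port 8080 are assumptions.
SAMPLE = r"""
<Service>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8080" redirectPort="8443"/>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8443" scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             keystoreFile="C:\myks.ks" keystorePass="myPassword"
             clientAuth="false" protocol="TLS"/>
  </Connector>
</Service>
"""

def check_connectors(xml_text):
    """Return a list of problems found in the Connector definitions."""
    root = ET.fromstring(xml_text)
    connectors = list(root.iter("Connector"))
    problems = []
    ssl_ports = set()  # ports that have a usable HTTPS connector
    for c in connectors:
        if c.get("scheme") != "https":
            continue
        port = c.get("port")
        factory = c.find("Factory")
        if c.get("secure") != "true":
            problems.append(f"port {port}: scheme is https but secure is not true")
        if factory is None or not factory.get("keystoreFile"):
            problems.append(f"port {port}: no Factory with keystoreFile")
        else:
            ssl_ports.add(port)
    # Every redirectPort on a plain HTTP connector must land on an HTTPS one.
    for c in connectors:
        redirect = c.get("redirectPort")
        if c.get("scheme") != "https" and redirect and redirect not in ssl_ports:
            problems.append(
                f"port {c.get('port')}: redirectPort {redirect} has no HTTPS connector")
    return problems

if __name__ == "__main__":
    for line in check_connectors(SAMPLE) or ["connectors are consistent"]:
        print(line)
```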
Boris Bralo - 07 Apr 2004 14:03 GMT
Hi Duncan

I tried with Mozilla 1.2.1 and it worked,
so it's obviously a Mozilla issue.

Anyway, thanks.

Boris

