keytool


"Using Signed SSL Certificates in Openfire" posted by ~Ray
Posted on 2008-03-12 23:12:41

Problem: I want to be able to communicate with an Openfire server using SSL. The server must be able to prove that they are who they say they are so that you can trust that any communications going on are secure.

Solution: Operate Openfire over TLS using signed server certificates. This entails having a matched public/private key pair to encode all transactions. All Openfire users will encode their communications using your public key. These encoded transmissions will then only be able to be decoded with your private key. If you have your public key certified by a trusted authority (a Certificate Authority) then Openfire clients can trust that their connections with your Openfire server are secure.

Instructions: To get this signed certificate on your Openfire server you'll need three things:

1) A public/private key pair to encode/decrypt messages - You will generate this yourself as a Certificate Signing Request, which you will then have signed by your chosen Certificate Authority (CA), and an associated private key
2) A certificate for your server signed by an external CA (Certificate Authority) - You will have to request this from a CA of your choosing using your CSR
3) The public certificate of your CA - This will be freely distributed by your CA and might also require a certificate chain containing the certificates for all the higher level (root) CA's that have authorized your CA.

Once you have these three things you'll need to import them into Openfire. The following steps will guide you through the process of obtaining and then importing your certificates:

Step 1: Generating a CSR & Private Key

You can generate a CSR / private key pair using the tool of your choice. There are many free tools available online () or you could use the to generate a CSR. Be warned: if you create a CSR with the keytool the private key will be kept in the tool, so take care to read the and only generate a CSR once to make sure that your CSR and private key match. Whatever tool you use, keep a copy of both the CSR and the private key and be sure to keep them matched -- you'll need the private key for your specific CSR when you get your signed certificate. Pending bugs and it will be possible to create a CSR and private key pair in Openfire.

Step 2: Getting Your Signed Certificate

This step will involve deciding upon a Certificate Authority and likely paying your chosen CA to have your certificate request signed. You will send your generated CSR to your chosen CA (keep the private key to yourself.) The CA will send you in reply two things: a signed copy of your certificate and their public certificate, which may be their own cert as well as their certificate chain, or just their cert.

Step 3: Making Openfire Recognize Your CA

Using the java keytool you will need to add your CA's certificate to the Openfire truststore (located in <<openfire dir>>\resources\security.) The keytool command to import your CA certs into your truststore is roughly as follows:

    keytool -import -alias <<CA alias>> -file <<CA cert file>> -keystore <<openfire dir>>\resources\security\truststore

You will need to execute this command once for each certificate file sent to you by your CA.

Step 4: Importing Your Signed Certificate into Openfire

If you created your certificate request and private key using the built-in Openfire tool then importing the signed certificates is a simple matter of putting the signed cert in the "Certificate Authority Reply" box in the Server Certificates interface in the admin console. For more information see the.

If you created your certificate request and private key with the java keytool you will need to import the CA reply into the Openfire keystore (<<openfire dir>>\resources\security\keystore) using the same method as importing your CA's certificate in step 3.

If you created your certificate request and private key with an external tool you will be able to import these through a hidden interface in the Openfire admin console: <<admin url>>/import-certificate.jsp. Just navigate to that page, paste your signed certificate and private key into the appropriate boxes and click save.

If you received a certificate from your provider, installed it on your Windows system and have no idea what a private key is, then these instructions should hopefully help. If you already have a certificate backup (PFX file) skip step 1; otherwise first we need to make a full backup which includes a private key.

Step 1

1.) Start > Run
2.) Type in MMC and click OK
3.) Go into the File tab > select Add/Remove Snap-in...
4.) Click on Add > double click on Certificates and click on Add > OK
5.) Select Computer Account
6.) Select Local Computer
7.) Click the + to expand the Certificates Console Tree
8.) Look for the Personal directory/folder and expand Certificates.
9.) Right click on the certificate you would like to backup and choose > ALL TASKS > Export
10.) Follow the Certificate Export Wizard to backup your certificate to a pfx file
11.) Choose to 'Yes export the private key'
12.) Choose to include all certificates in certificate path if possible. (*do NOT select the delete Private Key option*)
13.) Leave default settings > enter a password of your choice
14.) Choose to save file on a set location (something easy like c:\mycert.pfx)
15.) Finish
16.) You will receive a message > Export Successful
17.) The pfx file backup is now saved in the location you specified

Step 2

Now you will need an OpenSSL compiled binary for Windows; the easiest I have found is: by default this is installed into "c:\openssl". You now need to run this command to extract the details required to import into Openfire:

    c:\openssl\bin\openssl.exe pkcs12 -in c:\mycert.pfx -out c:\outputfile.txt -nodes

(where c:\mycert.pfx is the location of the exported certificate of the previous step)

If you open up the outputfile this will include the certificate as well as something like this:

    -----BEGIN RSA PRIVATE KEY-----
    (Block of Random Text)
    -----END RSA PRIVATE KEY-----

Step 3

Open up the <<Openfire admin url>>/import-certificate.jsp

Pass Phrase: enter the password you used when creating the backup file in the 1st step

Private Key: enter this section from the output file (including the BEGIN and END lines):

    -----BEGIN RSA PRIVATE KEY-----
    (Private Key Content)
    -----END RSA PRIVATE KEY-----

Certificate Content: enter this section from the outfile (including the BEGIN and END lines):

    -----BEGIN CERTIFICATE-----
    (Certificate Content)
    -----END CERTIFICATE-----

Click Save and your certificate should now be available in Openfire.


Related article:
http://www.igniterealtime.org/community/docs/DOC-1243

"Is keytool.exe Spyware or a Virus?" posted by ~Ray
Posted on 2008-01-01 21:16:53

keytool.exe is associated with Java(TM) 2 Platform Standard Edition binary and is not known to be harmful to your PC. Since spyware and viruses sometimes have the same name as legitimate files it is a good idea to scan your system to be sure. You can. This entry was posted on Saturday, October 20th, 2007 at 3:38 am.


Related article:
http://viruswipeout.com/important-file/is-keytoolexe-spyware-or-a-virus



"RE: Keytool: SSL Certification Issue" posted by ~Ray
Posted on 2007-12-15 15:05:35

Hello Mark,

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Tuesday, 30 October 2007 3:35 PM
To: Tomcat Users List
Subject: Re: Keytool: SSL Certification Issue

renu-kumar_setty@agilent.com wrote:
> Thanks for your response. I tried configuration you suggested but didn't see any difference in the create.
>
> Just to add to the original problem statement. I don't see any issue when using "CN=localhost" in the Certificate generation. While I see the below mentioned issues when I use "CN=<hostname>".

That suggests your hostname isn't configured correctly. What happens when you use http://<hostname>:8080 rather than http://localhost:8080 to access Tomcat? Does http://<hostname>:8080 work from another machine?

I don't see an issue with the hostname: I am able to find http:<hostname> URLs. However the issue is with secure https://<hostname> URLs (certificate CN=<hostname>), in which case I see keep page due to the previously mentioned issues. However I don't find any issues when accessing secure URLs https://localhost (certificate CN=localhost)

Thanks
Renu Kumar

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3CCD99FB0FEA03B34DB066A14028B66D038111BE@sgp-sg-mb02.sgp.agilent.com%3E



"RE: Keytool: SSL Certification Issue" posted by ~Ray
Posted on 2007-12-09 13:39:04

Thanks for your response. I tried configuration you suggested but didn't see any difference in the create.

Just to add to the original problem statement. I don't see any issue when using "CN=localhost" in the Certificate generation. While I see the below mentioned issues when I use "CN=<hostname>".

Renu Kumar

-----Original Message-----
From: zhongliang zhang [mailto:zhangzhongl@msn.com]
Sent: Tuesday, 30 October 2007 11:34 AM
To: Tomcat Users List
Subject: RE: Keytool: SSL Certification Issue

Maybe you should try the following fragment:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS"
        keystorePass="changeit"
        keystoreFile=" "c:/Documents and Settings/rensetty/.keystore""
        truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"
        truststorePass="yourPassword"/>

By default the truststorePass of cacerts is changeit, while the keystorepass is customized by yourself. Also, you need to configure some external info in the web.xml of Tomcat or your own application, I think, like

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>app</web-resource-name>
            <url-pattern>/pages/*</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>app</web-resource-name>
            <url-pattern>/index.html</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <!-- Authorization setting for SSL -->
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert</realm-name>
    </login-config>

BR,

> Subject: Keytool: SSL Certification Issue
> Date: Tue, 30 Oct 2007 13:50:06 +0800
> From: renu-kumar_setty@agilent.com
> To: users@tomcat.apache.org
>
> Hi,
>
> I am facing SSL certificate issue in my Tomcat Environment. I have created local SSL Server certificate to be authenticated by the certificate imported from Thawte Certificate Authority.
>
> With the following Connector entry in server.xml,
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> keystorePass="changeit"
> keystoreFile=" "c:/Documents and Settings/rensetty/.keystore" "
> truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>
>
> I am seeing the following error repeatedly on my console:
>
> ********* START ******************************
> The following is my SSL configuration Ihave enabled SSL for user authentication. I have is SSL configured. I gWhen I try to authenticatecommunicate to t he I get the following error when to issue when I try to connect to
>
> 2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
> 2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
> 2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
> at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
> at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
>
> ******** END **************************************************************************
>
> However with keyAlias (keyAlias="root") included in the Connector Entry I see a different error. I saw a couple of similar queries in the mailing lists but didn't help address these errors. Any help on this is highly appreciated.
>
> ****** START **********************************
> 2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
> java.io.IOException: Alias name root does not identify a key entry
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
> at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
> at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
> at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
> at org.apache.catalina.connector.Connector.start(Connector.java:1132)
> at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
> at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
> at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
> at $Proxy47.handleNotification(Unknown Source)
> at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
> at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
> at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
> at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
> at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
> at org.jboss.Main.boot(Main.java:200)
> at org.jboss.Main$1.run(Main.java:508)
> at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
>
> ***** END ******************************************************************
>
> ******** keytool -v -list ******************************************
> Enter keystore password: changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: root
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
> Serial number: 40c098072bee02b45 2d3a2b2ee03a399
> Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
> Certificate fingerprints:
> MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
> SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3CCD99FB0FEA03B34DB066A14028B66D03810DEE@sgp-sg-mb02.sgp.agilent.com%3E

comments | Add comment | Report as Spam


"RE: Keytool: SSL Certification Issue" posted by ~Ray
Posted on 2007-12-09 13:39:04

Thanks for your response. I tried configuration you suggested but didn't see any differencein the create. Just to add to the original problem statement. I don't see any issue when using "CN=localhost"in the Certificate generation. While I see the below mentioned issues when I use "CN=<hostname>". Renu Kumar-----Original Message-----From: zhongliang zhang [mailto:zhangzhongl@msn com] Sent: Tuesday. 30 October 2007 11:34 AMTo: Tomcat Users ListSubject: RE: Keytool: SSL Certification IssueMaybe you should try the following fragment: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"scheme="https" secure="adjust" clientAuth="false" sslProtocol="TLS" keystorePass="changeit" keystoreFile=" "c:/Documents and Settings/rensetty/ keystore"" truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts" truststorePass="yourPassword"/>By default the truststorePass of cacerts is changeit,while the keystorepass is customizedby yourself. Also,you need to configure some external info in the web xml of Tomcat or your own applicationI think desire <security-constraint> <web-resource-collection> <web-resource-name>app</web-resource-name> <url-pattern>/pages/*</url-pattern> </web-resource-collection> <web-resource-collection> <web-resource-name>app</web-resource-name> <url-pattern>/index html</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <!-- Authorization setting for SSL --> <login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert</realm-name> </login-config> BR.> Subject: Keytool: SSL Certification Issue> go out: Tue. 30 Oct 2007 13:50:06 +0800>From: renu-kumar_setty@agilent com> To: users@tomcat apache org> > Hi,> > >> I am facing SSL certificate air in my Tomcat Environment. I have created local SSLServer award to be authenticated by the certificate imported from Thawte CertificateAuthority. 
> > With the following Connector entry in server xml,> > > ><Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"> > maxThreads="150"scheme="https" obtain="true"> > clientAuth="false" sslProtocol="TLS" > > keystorePass="changeit">> keystoreFile=" "c:/Documents and Settings/rensetty/ keystore" "> > truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>>> > > I am seeing the following error repeatedly on my console:> > > >*********go away ******************************> The following is my SSL configuration Ihave enabled SSL for user authentication. I have is SSL configured. I gWhen I try to authenticatecommunicate to t he I get the following error when to air when I try to connect to> > > > 2007-10-2909:16:44,217 DEBUG [com arjuna ats jta logging loggerI18N] [com arjuna ats internal jta recovery info firstpass]Local XARecoveryModule - first go> > 2007-10-29 09:16:44,233 INFO [org apache coyote http11. Http11Protocol]Starting Coyote HTTP/1.1 on http-8443> > 2007-10-29 09:16:44,249 ERROR [org apache tomcat util net. JIoEndpoint]Socket evaluate failed> > java net. SocketException: SSL handshake errorjavax net ssl. SSLException:No available certificate or key corresponds to the SSL cipher suites which are enabled.>> at org apache tomcat util net jsse. JSSESocketFactory acceptSocket(JSSESocketFactory java:150)>> at org apache tomcat util net. JIoEndpoint$Acceptor run(JIoEndpoint java:310)> >at java lang. Thread run(go java:595)> > 2007-10-29 09:16:44,280 INFO [org apache coyote ajp. AjpProtocol]Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009> > > > ********END ***** *********************************************************************> > > >> > However with keyAlis (keyAlias="root") included in the Connector Entry I see a differenterror. I saw a bring together of similar queries in the mailing lists but didn't help communicate theseerrors. 
Any help on this is highly appreciated.> > > > > > ******go away **********************************>> 2007-10-29 13:54:52,449 ERROR [org apache coyote http11. Http11Protocol] Error startingendpoint> > java io. IOException: Alias name root does not determine a key entry> >at org apache tomcat util net jsse. JSSESocketFactory getKeyManagers(JSSESocketFactory java:412)>> at org apache tomcat util net jsse. JSSESocketFactory init(JSSESocketFactory java:378)>> at org apache tomcat util net jsse. JSSESocketFactory createSocket(JSSESocketFactory java:125)>> at org apache tomcat util net. JIoEndpoint init(JIoEndpoint java:496)> > at org apache tomcat util net. JIoEndpoint start(JIoEndpoint java:515)>> at org apache coyot e http11. Http11Protocol go away(Http11Protocol java:203)> > at org apache catalina connector. Connector go away(Connector java:1132)>> at org jboss web tomcat function. JBossWeb startConnectors(JBossWeb java:584)> >at org jboss web tomcat service. JBossWeb handleNotification(JBossWeb java:621)> > atsun reflect. GeneratedMethodAccessor4 create(Unknown Source)> > at sun reflect. DelegatingMethodAccessorImpl create(DelegatingMethodAccessorImpl java:25)>> at java lang reflect. Method create(Method java:585)> > at org jboss mx notification. NotificationListenerProxy invoke(NotificationListenerProxy java:153)>> at $Proxy47 handleNotification(Unknown obtain)> > at org jboss mx util. JBossNotificationBroadcasterSupport handleNotification(JBossNotificationBroadcasterSupport java:127)>> at org jboss mx util. JBossNotificationBroadcasterSupport sendNotification(JBossNotificationBroadcasterSupport java:108)>> at org jboss system server. ServerImpl sendNotification(ServerImpl java:916)> >at org jboss system server. ServerImpl doStart(ServerImpl java:497)> > at org jboss system server. ServerImpl start(ServerImpl java:362)>> at org jboss. Main kick(Main java:200)> > at org jboss. Main$1 run(Main java:508)>> at java lang. 
go run(Thread java:595)> > 2007-10-29 13:54:52,465 WARN [org jboss web tomcat service. JBossWeb]Failed to startConnectors> > > > *****END ******************************************************************>> > > > > ******** keytool -v -list ******************************************>> register keystore password: changeit> > > > Keystore write: jks> > Keystoreprovider: SUN> > > > Your keystore contains 2 entries> > > > Aliasname: grow> > Creation go out: 29/10/2007> > Entry write: trustedCertEntry> >> > Owner: CN=AGILENT-7B2231B agilent com. OU=Unknown. O=Unknown. L=Unknown. ST=Unkn>> own. C=Unknown> > Issuer: CN=Thawte evaluate CA Root. OU=evaluate evaluate TEST. O=Thawte Certification,ST=FO> > R TESTING PURPOSES ONLY. C=ZA> > Serial be: 40c098072bee02b45 2d3a2b2ee03a399> > Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 1917:27:26 GMT+05> > :30 2007> > award fingerprints:> > MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B>> SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F>.

Forex Groups - Tips on Trading

Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3CCD99FB0FEA03B34DB066A14028B66D03810DEE@sgp-sg-mb02.sgp.agilent.com%3E

comments | Add comment | Report as Spam


"RE: Keytool: SSL Certification Issue" posted by ~Ray
Posted on 2007-12-09 13:39:03

Thanks for your response. I tried the configuration you suggested but didn't see any difference in the result. Just to add to the original problem statement. I don't see any issue when using "CN=localhost" in the Certificate generation. While I see the below mentioned issues when I use "CN=<hostname>".

Renu Kumar

-----Original Message-----
From: zhongliang zhang [mailto:zhangzhongl@msn.com]
Sent: Tuesday, 30 October 2007 11:34 AM
To: Tomcat Users List
Subject: RE: Keytool: SSL Certification Issue

Maybe you should try the following fragment:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="changeit"
               keystoreFile=" "c:/Documents and Settings/rensetty/.keystore""
               truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"
               truststorePass="yourPassword"/>

By default the truststorePass of cacerts is changeit, while the keystorepass is customized by yourself. Also, you need to configure some external info in the web.xml of Tomcat or your own application. I test like:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/pages/*</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>app</web-resource-name>
        <url-pattern>/list.html</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <!-- Authorization setting for SSL -->
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Client Cert</realm-name>
    </login-config>

BR.

> Subject: Keytool: SSL Certification Issue
> Date: Tue, 30 Oct 2007 13:50:06 +0800
> From: renu-kumar_setty@agilent.com
> To: users@tomcat.apache.org
>
> Hi,
>
> I am facing SSL certificate issue in my Tomcat Environment. I have created local SSL Server certificate to be authenticated by the certificate imported from Thawte Certificate Authority.
>
> With the following Connector entry in server.xml,
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> keystorePass="changeit"
> keystoreFile=" "c:/Documents and Settings/rensetty/.keystore" "
> truststoreFile="C:/Sun/SDK/jdk/jre/lib/security/cacerts"/>
>
> I am seeing the following error repeatedly on my console:
>
> *********START ******************************
> The following is my SSL configuration Ihave enabled SSL for user authentication. I undergo is SSL configured. I gWhen I try to authenticatecommunicate to t he I get the following error when to air when I try to cerebrate to
>
> 2007-10-29 09:16:44,217 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
> 2007-10-29 09:16:44,233 INFO [org.apache.coyote.http11.Http11Protocol] Starting Coyote HTTP/1.1 on http-8443
> 2007-10-29 09:16:44,249 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 09:16:44,280 INFO [org.apache.coyote.ajp.AjpProtocol] Starting Coyote AJP/1.3 on ajp-AGILENT-7B2231B%2F146.208.145.86-8009
>
> ********END **************************************************************************
>
> However with keyAlias (keyAlias="root") included in the Connector Entry I see a different error. I saw a couple of similar queries in the mailing lists but didn't help address these errors. Any help on this is highly appreciated.
>
> ******START **********************************
> 2007-10-29 13:54:52,449 ERROR [org.apache.coyote.http11.Http11Protocol] Error starting endpoint
> java.io.IOException: Alias name root does not identify a key entry
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
>     at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
>     at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:515)
>     at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
>     at org.apache.catalina.connector.Connector.start(Connector.java:1132)
>     at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:584)
>     at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:621)
>     at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:585)
>     at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
>     at $Proxy47.handleNotification(Unknown Source)
>     at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
>     at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
>     at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
>     at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>     at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>     at org.jboss.Main.boot(Main.java:200)
>     at org.jboss.Main$1.run(Main.java:508)
>     at java.lang.Thread.run(Thread.java:595)
> 2007-10-29 13:54:52,465 WARN [org.jboss.web.tomcat.service.JBossWeb] Failed to startConnectors
>
> *****END ******************************************************************
>
> ******** keytool -v -list ******************************************
> Enter keystore password: changeit
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: root
> Creation date: 29/10/2007
> Entry type: trustedCertEntry
>
> Owner: CN=AGILENT-7B2231B.agilent.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
> Serial number: 40c098072bee02b45 2d3a2b2ee03a399
> Valid from: Mon Oct 29 17:27:26 GMT+05:30 2007 until: Mon Nov 19 17:27:26 GMT+05:30 2007
> Certificate fingerprints:
> MD5: F3:5C:C7:50:AD:DC:74:1E:7D:CF:84:10:02:A4:36:7B
> SHA1: 2E:92:2D:A3:51:E7:22:CA:A8:D9:93:FC:F0:78:1E:7A:7C:A0:9F:3F


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3CCD99FB0FEA03B34DB066A14028B66D03810DEE@sgp-sg-mb02.sgp.agilent.com%3E



"NullPointerException on keytool -genkey" posted by ~Ray
Posted on 2007-11-27 20:03:34

The token has been tested with a sample app and successfully encrypts/decrypts data. However when I execute:

Can you please add "-debug" into the keytool command? For JDK 6 it will print out the whole stack of the exception. Also please tell the exact version of your JDK/JRE by running "java -version".


Related article:
http://forum.java.sun.com/thread.jspa?threadID=5231610



"Which providerClass for keytool?" posted by ~Ray
Posted on 2007-11-17 15:35:03

keytool -genkey -alias Client -keyalg RSA -keystore client_keystore -dname "CN=test,OU=test, O=test, L=Waterloo, S=BW, C=BE" -keypass password -storepass password

Everything works fine. Now I would like to execute the same command inside a main java program with a Runtime exec:

    Runtime rt = Runtime.getRuntime();
    Process p = rt.exec( "keytool -genkey -alias Client -keyalg RSA -keystore client_keystore -dname \"CN=test,OU=test, O=test, L=Waterloo, S=BW, C=BE\" -keypass password -storepass password" );
    InputStream is = p.getInputStream();
    BufferedReader br =

No my command line works book in a terminal but not in my java code... Maybe I need to add something to the java.security file concerning the providerClass but I don't know what...

Edited by: iMacX on Nov 13, 2007 6:16 AM

Remove the " and " around the -dname argument? I think what you see is the help screen. Can you show us what the first line of the output is?

removing the double quotes is not working neither... And yes indeed this is the help screen of keytool I see. And there is only one line on the screen just : [-providerClass <classe_fournisseur> [-providerArg <arg>]] ...

    Runtime rt = Runtime.getRuntime();
    Process p = rt.exec( "keytool -list -v -keystore /usr/local/apache-tomcat-5.5.23/certs/client/client3_keystore -storepass password" );
    InputStream is = p.getInputStream();
    BufferedReader br =

I have the complete result for the content of the client3_keystore...

Edited by: iMacX on Nov 13, 2007 6:47 AM

ejp wrote: Use the form of exec() where you supply the arguments in an array.

Using an adaption of one of my standard examples to recite it out - "$Revision: 1.1 $ $Id: Fred117_3.java,v 1.1 2007/11/14 09:46:24 sabre Exp $ "

openssl x509 -req -in client.csr -CA cacert.pem -CAkey ca.key -out client.csr.pem -days 365 -CAcreateserial -CAserial serial.seq

For. I put my command line in an array of String: My problem is that I have to get the prompt back to enter the ca key's password... Any idea how can I do that? Thx

You must start the 'stderr' thread and start reading 'stdout' stream BEFORE you wait for the process to finish. If the 'stderr' buffer or 'stdout' buffer fill before the process finishes then the process will block waiting for buffer space to become available. It never will become available since you don't read either until the process finishes so you have deadlock. If you need to send the password to 'stdin' then you should process the 'stdout' InputStream in the same way as the 'stderr' ErrorStream (i.e. in its own thread) and you should write the password as bytes to the 'stdin' stream ( process.getOutputStream() ) before you wait for the process to finish. In general using Runtime.exec() requires 3 threads. One to process 'stdout', one to process 'stdin' and one to process 'stderr'. Any one of these can use the thread used to execute the Runtime.exec() but to be safe the others two must have their own thread. If you never write to 'stdin' then you can get away without using a thread for it and you can just ignore it.

I'm a little bit confused. I don't get it... I'm trying to write the password on the process outputstream but the runtime exec doesn't read it...

    OutputStream ostrm_ = process.getOutputStream();
    String pass =

It may be that you need to change state ostrm_ after the color and/or you may need to write a '\n' after the password. You will need to experiment.

Edit : The following works for me
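The advice in this thread (array-form exec, stdout and stderr each read on their own thread, the password written to stdin before waiting) put together in one place. This is an added example, not code from the thread; the class and method names are hypothetical, and it assumes keytool is on the PATH and a keystore named client_keystore exists in the working directory.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.*;

// Added example; class and method names are hypothetical, not from the thread.
public class ExecWithStreams {
    // Read one stream to EOF on a pool thread so the child never blocks on a full pipe.
    static Future<String> drain(ExecutorService pool, InputStream in) {
        return pool.submit(() -> {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            for (int n; (n = in.read(chunk)) != -1; ) buf.write(chunk, 0, n);
            return buf.toString("UTF-8");
        });
    }

    // Returns {exit code, stdout, stderr}; stdinText may be null when nothing is sent.
    static String[] run(List<String> argv, String stdinText) throws Exception {
        // One list element per argument: no shell, no quoting, -dname values stay intact.
        Process p = new ProcessBuilder(argv).start();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> out = drain(pool, p.getInputStream());
            Future<String> err = drain(pool, p.getErrorStream());
            try (OutputStream stdin = p.getOutputStream()) {
                if (stdinText != null) stdin.write(stdinText.getBytes(StandardCharsets.UTF_8));
            } catch (IOException childExitedEarly) {
                // The child closed stdin before reading it; its stderr explains why.
            }
            int code = p.waitFor(); // safe: both output pipes are already being read
            return new String[] { String.valueOf(code), out.get(), err.get() };
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: keytool is on PATH and client_keystore exists in the working directory.
        // No -storepass on the command line; the password goes to the prompt via stdin.
        List<String> argv = Arrays.asList("keytool", "-list", "-v", "-keystore", "client_keystore");
        String[] r = run(argv, "password\n");
        System.out.println("exit=" + r[0]);
        System.out.print(r[1]);
        System.err.print(r[2]);
    }
}
```

Closing the child's stdin (the try-with-resources block) both flushes the password and signals end of input. Feeding the password through stdin rather than -storepass also keeps it out of the process argument list, where other local users could read it.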


Related article:
http://forum.java.sun.com/thread.jspa?threadID=5235940



"keytool validity (Tomcat)" posted by ~Ray
Posted on 2007-11-09 17:19:03

Hello, what does the "validity" that I specify with keytool when creating the Java keystore actually refer to? And what happens after that? Can one then no longer access the keystore? I noticed that I specified 360 as the validity, but the certificate was ordered from and issued by the certificate authority for 3 years. Is it then somehow blocked after 360 days, or does it stop working? Christian.


Related article:
http://newsgroups.derkeiler.com/Archive/De/de.comp.lang.java/2007-09/msg00130.html
