From: Ted S. <ts...@fr...> - 2004-11-02 06:35:53
We have just moved back to testing SSL for the MSH and are still experiencing some issues. Any thoughts on where we are going wrong? I have set up SSL as follows:

1. Set up digital certificate:

     keytool -genkey -keyalg RSA -alias tomcat-server -keystore server.keystore

2. Create self-signed certificate.
   . Export server certificate to a certificate file:

     keytool -keystore server.keystore -export -alias tomcat-server -file server.cer

     Password: changeit

   . Import new certificate into certificate authority file cacerts.jks:

     keytool -import -alias serverCA -keystore <home>/cacerts.jks -file server.cer

     Password: changeit

3. Create client certificate for mutual authentication.
   . Create client certificate in keystore:

     keytool -keystore client.keystore -export -alias jwsdp-client -file client.cer

     Password: changeit

   . Import new certificate into the server's certificate authority file cacerts.jks:

     keytool -import -alias root -keystore <home>/cacerts.jks -file client.cer

   . Checked contents of the server certificate:

     keytool -list -keystore server.keystore -alias tomcat-server -v

     Cacerts file:

     keytool -list -keystore cacerts.jks

   . Set up Tomcat server.xml with port 8443.

4. Run Tomcat, check that HTTPS is running - OK.

5. Set up MSH properties:

   <DigitalSignature>
     <TrustedAnchor>
       <KeyStore>
         <Path>C:/java/security</Path>
         <File>cacerts.jks</File>
         <Password>changeit</Password>
       </KeyStore>
     </TrustedAnchor>
     <AckSign>
       <KeyStore>
         <Path>C:/java/security/keystore/server</Path>
         <File>server.keystore</File>
         <Algorithm>dsa-sha1</Algorithm>
         <Alias>tomcat-server</Alias>
         <Password>changeit</Password>
       </KeyStore>
     </AckSign>
   </DigitalSignature>
   <SSL>
     <!-- Optional property specifying the implementation class name of
          com.sun.net.ssl.HostnameVerifier from JSSE 1.0 which handles the case
          when the URL's hostname and the server's identification hostname mismatch -->
     <!--<HostnameVerifier></HostnameVerifier>-->
     <TrustedAnchor>
       <!-- Trust keystore for SSL Server Authentication -->
       <KeyStore>
         <Path>C:/java/security</Path>
         <File>cacerts.jks</File>
         <Password>changeit</Password>
       </KeyStore>
     </TrustedAnchor>
     <ClientAuth>
       <URL>https://localhost/msh/</URL>
       <KeyStore>
         <Path>C:/java/security/keystore/server</Path>
         <File>server.keystore</File>
         <Alias>tomcat-server</Alias>
         <Password>changeit</Password>
       </KeyStore>
     </ClientAuth>
   </SSL>

1. Start Tomcat, check the MSH log and see that all is OK - picked up certificates, 2 entries.
2. Monitor: used the Digital Signature section.

Confused on terminology: the purpose of my test is to determine if the certificate is working. Are these the same thing, digital signature and certificate? I note in the console that the app is trying to get a signature.

Entries:
   Alias:    tomcat-server
   Password: changeit
   Keystore: c:\tomcat\server.keystore
Variation:
   Keystore: c:\tomcat\cacerts.jks

Exception in console: 1002

Help! I'm certainly doing something wrong; can anyone advise.

Ted
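The following is an added example for readers of this thread; it is not code from the MSH project or from the post above. It redoes the keytool procedure of the post with openssl in place of keytool and PEM files in place of the JKS keystores (cacerts.pem standing in for cacerts.jks), reusing the post's aliases tomcat-server and jwsdp-client as certificate names. It separates the two checks that the post runs together: whether a presented certificate is accepted by the trust anchor file (the job of the TrustedAnchor keystore in the config) and whether a digital signature made with the matching private key verifies against the certificate's public key (what the private key in the AckSign keystore is for). The certificate named "stranger", the ack.xml payload and all function names are constructed for the example; it signs with RSA and SHA-256 because step 1 of the post generates an RSA key, and a DSA algorithm such as the dsa-sha1 named in AckSign needs a DSA key pair. It assumes a POSIX shell with openssl on PATH.

```shell
#!/usr/bin/env bash
# Added example, not from the MSH project or this thread: the keytool steps of
# the post redone with openssl (PEM files stand in for the JKS keystores).
# Assumes a POSIX shell with openssl on PATH; "stranger" and ack.xml are
# constructed test inputs.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Steps 1-2 of the post: generate a key pair and a self-signed certificate and
# export the certificate (keytool -genkey ... / keytool -export ...).
# $1 = name used as alias and CN; writes $WORK/$1.key (private) and $WORK/$1.cer
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.cer" >/dev/null 2>&1
}

# keytool -import -keystore cacerts.jks -file x.cer: add a trust anchor.
add_trust_anchor() { cat "$1" >> "$WORK/cacerts.pem"; }

# keytool -list -keystore cacerts.jks: print the subjects in the trust file.
list_trust_anchors() {
  openssl crl2pkcs7 -nocrl -certfile "$WORK/cacerts.pem" \
    | openssl pkcs7 -print_certs -noout | grep '^subject'
}

# Trust check (role of the TrustedAnchor keystore): does the presented
# certificate chain to something in cacerts.pem? Exit 0 = trusted, 1 = rejected.
trusted() { openssl verify -CAfile "$WORK/cacerts.pem" "$1" >/dev/null 2>&1; }

# Signature check (role of the AckSign private key): a signature is bytes made
# by the PRIVATE key over a message; the certificate only carries the PUBLIC
# key that verifies it. RSA/SHA-256 because step 1 of the post made an RSA key.
sign_file() {   # $1 = name whose private key signs, $2 = file in $WORK
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/$2.sig" "$WORK/$2"
}
verify_sig() {  # $1 = name whose certificate should verify, $2 = file in $WORK
  openssl x509 -in "$WORK/$1.cer" -pubkey -noout > "$WORK/$1.pub"
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/$2.sig" \
    "$WORK/$2" >/dev/null 2>&1
}

demo() {
  make_self_signed tomcat-server   # server certificate, alias from the post
  make_self_signed jwsdp-client    # client certificate for mutual auth
  make_self_signed stranger        # never imported: must be rejected
  add_trust_anchor "$WORK/tomcat-server.cer"
  add_trust_anchor "$WORK/jwsdp-client.cer"
  echo "trust anchors:"; list_trust_anchors

  for n in tomcat-server jwsdp-client stranger; do
    if trusted "$WORK/$n.cer"; then echo "$n: trusted"; else echo "$n: rejected"; fi
  done

  printf 'constructed ebXML acknowledgement' > "$WORK/ack.xml"
  sign_file tomcat-server ack.xml
  if verify_sig tomcat-server ack.xml; then
    echo "ack signature verifies with the tomcat-server certificate"
  fi
  if ! verify_sig jwsdp-client ack.xml; then
    echo "ack signature does NOT verify with the jwsdp-client certificate"
  fi
}

demo
```

The "trusted/rejected" lines are the answer the trust anchor file gives to a certificate presented during the SSL handshake; the last two lines show that a signature is tied to the private key that produced it, and that the certificate is only the means of checking it.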