tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wolfgang Stein <zo...@gmd-net.de>
Subject RE: Tomcat4 standalone keystore - existing private
Date Wed, 27 Feb 2002 10:03:06 GMT
> Looks like we will be going through apache then.
> 

Or use a utility written in java available with source from
http://www.comu.de.

It doesn't really import but generates a new keystore containing
the cert with priv key. Since you only need one entry for a 
ssl server cert (alias tomcat) it is sufficient.

I used it with success.

Gruss,
Wolfgang
 

> -----Urspr√ľngliche Nachricht-----
> Von: Chris Campbell [mailto:chris.campbell@lincmedia.co.jp]
> Gesendet: Mittwoch, 27. Februar 2002 07:53
> An: 'Tomcat Users List'
> Betreff: RE: Tomcat4 standalone keystore - existing private 
> key problem
> 
> 
> 
> To answer my own question and perhaps help someone searching 
> archives on
> similar problems, the page at
> http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificate
> s/ tells me
> "Though sufficient for some tasks, a major deficiency of the 
> keytool utility
> is its inability to import a private key." Great. Looks like 
> we will be
> going through apache then.
> 
> ChrisC
> 
> 
> > -----Original Message-----
> > From: Chris Campbell 
> > Sent: Monday, February 25, 2002 12:38 PM
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: Tomcat4 standalone keystore - existing private key problem
> > 
> > 
> > 
> > Hi
> > 
> > I am trying to setup Tomcat 4.0.1 standalone to serve ssl 
> > pages certified by
> > Verisign. I can use (self signed) certificates generated by 
> > keytool with no
> > problem, but I can't set up the keystore to work with Verisign's.
> > To explain a little more, the private key I have was 
> > generated by openssl
> > (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of 
> > the type:
> > 
> > -----BEGIN RSA PRIVATE KEY-----
> > Proc-Type: 4,ENCRYPTED
> > DEK-Info: DES-CBC,91B2224E3C5D1BA5
> > 
> > If I try to import this into my keystore like 
> > 
> > keytool -import -file /root/key.pem
> > 
> > I get the error 'Input not an X.509 certificate'. Importing 
> > the certificate
> > reply from Verisign in the same way works no problem, but I 
> know from
> > setting up Apache that the private key is also necessary 
> > right? And for
> > tomcat, it seems that it must be in the keystore (no other 
> > configuration
> > options as far as I know). I think everything would work if I 
> > could just get
> > that private key into a form that keytool understands, then into the
> > keystore... is this possible?
> > 
> > Thanks, 
> > 
> > ChrisC
> > 
> > --
> > To unsubscribe:   
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands: 
> <mailto:tomcat-user-help@jakarta.apache.org>
> > Troubles with the list: 
> <mailto:tomcat-user-owner@jakarta.apache.org>
> > 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message