tomcat-users mailing list archives

From Chris Campbell <chris.campb...@lincmedia.co.jp>
Subject RE: Tomcat4 standalone keystore - existing private key problem
Date Wed, 27 Feb 2002 06:53:21 GMT

To answer my own question and perhaps help someone searching archives on
similar problems, the page at
http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificates/ tells me
"Though sufficient for some tasks, a major deficiency of the keytool utility
is its inability to import a private key." Great. Looks like we will be
going through apache then.

ChrisC


> -----Original Message-----
> From: Chris Campbell 
> Sent: Monday, February 25, 2002 12:38 PM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: Tomcat4 standalone keystore - existing private key problem
> 
> 
> 
> Hi
> 
> I am trying to set up Tomcat 4.0.1 standalone to serve ssl pages certified by
> Verisign. I can use (self signed) certificates generated by keytool with no
> problem, but I can't set up the keystore to work with Verisign's.
> To explain a little more, the private key I have was generated by openssl
> (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of the type:
> 
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-CBC,91B2224E3C5D1BA5
> 
> If I try to import this into my keystore like 
> 
> keytool -import -file /root/key.pem
> 
> I get the error 'Input not an X.509 certificate'. Importing the certificate
> reply from Verisign in the same way works no problem, but I know from
> setting up Apache that the private key is also necessary, right? And for
> Tomcat, it seems that it must be in the keystore (no other configuration
> options as far as I know). I think everything would work if I could just get
> that private key into a form that keytool understands, then into the
> keystore... is this possible?
> 
> Thanks, 
> 
> ChrisC
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 
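
Added example, not part of the original message and not Tomcat or keytool code: a small Python check that shows why `keytool -import` answered 'Input not an X.509 certificate' for the file in the quoted message. The file holds a PEM private key block, while that command reads certificates only. The function name `classify_pem`, the result keys and the dummy `AAAA` bodies are assumptions made for illustration.

```python
import re

# Constructed sample: key headers as quoted in the message (dummy body), then a dummy certificate.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,91B2224E3C5D1BA5

AAAA
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
HEADER = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
WEAK_CIPHERS = {"DES-CBC"}  # single DES, 56-bit key


def classify_pem(text):
    """Return one dict per PEM block: what it is and how it is protected."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        headers = {}
        for line in body.splitlines():
            m = HEADER.match(line.strip())
            if not m:  # a blank line or base64 data ends the header area
                break
            headers[m.group(1)] = m.group(2)
        kind = ("certificate" if label == "CERTIFICATE"
                else "private-key" if label.endswith("PRIVATE KEY")
                else "other")
        # Traditional OpenSSL keys announce encryption in RFC 1421 style headers;
        # PKCS#8 keys announce it in the block label instead.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or headers.get("Proc-Type", "").endswith("ENCRYPTED"))
        cipher = headers.get("DEK-Info", "").split(",")[0] or None
        results.append({
            "label": label, "kind": kind, "encrypted": encrypted, "cipher": cipher,
            "weak_cipher": cipher in WEAK_CIPHERS,
            # keytool -import reads certificates only, hence the error in the message
            "keytool_import": kind == "certificate",
        })
    return results


if __name__ == "__main__":
    for block in classify_pem(SAMPLE):
        print(block)
```

The `weak_cipher` flag marks the `DES-CBC` passphrase protection that the `-des` option in the quoted `openssl genrsa` command produces.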