From: Chris Campbell
To: 'Tomcat Users List'
Subject: RE: Tomcat4 standalone keystore - existing private key problem
Date: Wed, 27 Feb 2002 15:53:21 +0900

To answer my own question and perhaps help someone searching archives on similar problems, the page at http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificates/ tells me

"Though sufficient for some tasks, a major deficiency of the keytool utility is its inability to import a private key."

Great. Looks like we will be going through Apache then.

ChrisC

> -----Original Message-----
> From: Chris Campbell
> Sent: Monday, February 25, 2002 12:38 PM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: Tomcat4 standalone keystore - existing private key problem
>
> Hi
>
> I am trying to set up Tomcat 4.0.1 standalone to serve ssl pages certified by
> Verisign. I can use (self signed) certificates generated by keytool with no
> problem, but I can't set up the keystore to work with Verisign's.
>
> To explain a little more, the private key I have was generated by openssl
> (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of the type:
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-CBC,91B2224E3C5D1BA5
>
> If I try to import this into my keystore like
>
> keytool -import -file /root/key.pem
>
> I get the error 'Input not an X.509 certificate'. Importing the certificate
> reply from Verisign in the same way works no problem, but I know from
> setting up Apache that the private key is also necessary, right? And for
> Tomcat, it seems that it must be in the keystore (no other configuration
> options as far as I know). I think everything would work if I could just get
> that private key into a form that keytool understands, then into the
> keystore... is this possible?
>
> Thanks,
>
> ChrisC
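
Added example, not part of the original messages: a small Python parser for the PEM framing quoted above. It shows what the file handed to `keytool -import` actually contains (an encrypted RSA private key block rather than an X.509 certificate), which is why the import was rejected. The names `describe_pem` and `SAMPLE` are hypothetical, and the base64 bodies are constructed placeholders; only the three header lines come from the message.

```python
import re

# A PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample: header lines as quoted in the message, placeholder bodies.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,91B2224E3C5D1BA5

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""


def describe_pem(text):
    """Return one dict per PEM block: its type and any encryption headers."""
    results = []
    for match in PEM_RE.finditer(text):
        label, inner = match.group(1), match.group(2)
        headers, body_seen = {}, False
        for line in inner.splitlines():
            # Base64 never contains ':', so a colon before the body is a header.
            if ":" in line and not body_seen:
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
            elif line.strip():
                body_seen = True
        proc_type = headers.get("Proc-Type", "").replace(" ", "")
        cipher, _, iv = headers.get("DEK-Info", "").partition(",")
        results.append({
            "label": label,
            "is_certificate": label == "CERTIFICATE",
            "is_private_key": label.endswith("PRIVATE KEY"),
            "encrypted": proc_type == "4,ENCRYPTED",
            "cipher": cipher or None,   # e.g. DES-CBC
            "iv_hex": iv or None,       # IV used with the passphrase-derived key
        })
    return results


if __name__ == "__main__":
    for block in describe_pem(SAMPLE):
        print(block)
```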