From: Brett Neumeier
To: 'Tomcat Users List'
Subject: RE: Tomcat 4.1.24 enable SSL
Date: Thu, 24 Apr 2003 14:36:26 -0500

Hello Bala,

I hear that the JCE crypto provider at http://www.bouncycastle.org/ can write PKCS12 certificates into key stores. Try:

1. Obtain the signed provider JAR from http://www.bouncycastle.org/
2. Put it in $JAVA_HOME/jre/lib/ext
3. Run keytool with "-provider org.bouncycastle.jce.provider.BouncyCastleProvider".

Alternatively, you can perhaps use OpenSSL to convert the certificate format.

Cheers,
bn

> -----Original Message-----
> From: Balakrishna Kudaravalli [mailto:bkudarav@cisco.com]
> Sent: Thursday, April 24, 2003 2:06 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 4.1.24 enable SSL
>
>
> Hi All,
>
> I am re-posting this mail. Could anyone please help me.
>
> Thanks,
> -Bala
>
>
> Hi Mark,
>
> Could you please let me know the command I need to use to import a pkcs12
> server cert into a keystore (assuming I need to create a new keystore). Do
> I need to have only a server cert in the keystore or both server & CA certs
> to enable SSL on Tomcat.
>
> Thanks for all your help.
>
> Regards,
> -Bala
>
>
> At 07:03 AM 4/24/2003 -0400, you wrote:
> >you should be able to use PKCS12. Just change the keystore type from JKS
> >(default) to PKCS12.
> >
> >Balakrishna Kudaravalli wrote:
> >
> >>Hi All,
> >>
> >>Issue: Enabling SSL for Tomcat 4.1.24
> >>
> >>1. I have created a cert using keytool -genkey -alias tomcat -keyalg
> >>RSA and have given a password "changeit" (default)
> >>2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. Since the
> >>Keystore is at a default loc, I have not given a keystoreFile attribute
> >>3. On starting up Tomcat, HTTPS works fine
> >>
> >>Issue:
> >>4. Now, I need to replace the default cert with the certs provided by our
> >>internal folks. How do I do that? The certs provided to me are in pkcs
> >>12 format:
> >>
> >>5. Should I convert the pkcs12 certs into x509?
> >>
> >>6. What certs should I import into the keystore (server, client, ca)?
> >>
> >>Your help would be greatly appreciated.
> >>
> >>Thank you,
> >>-Bala
> >>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
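
The OpenSSL route mentioned in the reply can also answer the question of what a PKCS12 bundle actually contains before Tomcat is pointed at it. The script below is an added example, not part of the original thread: the function names, file names and the self-signed sample bundle are constructed for illustration, while the alias "tomcat" and the password "changeit" are the ones used in the thread.

```shell
#!/bin/sh
# Added example. File and function names are assumptions; the alias "tomcat"
# and password "changeit" are the ones used in the thread.

# make_sample_p12 DIR: build a constructed, throwaway self-signed bundle.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    P12_PASS=changeit openssl pkcs12 -export -name tomcat \
        -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/server.p12" -passout env:P12_PASS
}

# p12_check FILE PASSWORD: report whether the bundle holds a private key
# that matches its server certificate, plus the number of CA certificates.
# The body runs in a subshell, so the exported password does not leak out.
p12_check() (
    set +e                                # failures are handled explicitly
    F=$1
    P12_PASS=$2; export P12_PASS          # env: keeps the password out of argv
    p12() { openssl pkcs12 -in "$F" -passin env:P12_PASS "$@" 2>/dev/null; }
    if ! p12 -nokeys >/dev/null; then
        echo "unreadable"; exit 1         # wrong password or not PKCS12
    fi
    # The unencrypted key only travels through a pipe, never to disk.
    key_pub=$(p12 -nocerts -nodes | openssl pkey -pubout 2>/dev/null)
    cert_pub=$(p12 -nokeys -clcerts | openssl x509 -pubkey -noout 2>/dev/null)
    ca=$(p12 -nokeys -cacerts | grep -c 'BEGIN CERTIFICATE')
    if [ -z "$key_pub" ]; then
        echo "no-key ca_certs=$ca"; exit 1    # certificates only
    elif [ "$key_pub" = "$cert_pub" ]; then
        echo "match ca_certs=$ca"
    else
        echo "mismatch ca_certs=$ca"; exit 1
    fi
)

# Demo on the constructed bundle.
tmp=$(mktemp -d) && make_sample_p12 "$tmp" && p12_check "$tmp/server.p12" changeit
rm -rf "$tmp"
```

A bundle that reports "no-key" holds certificates only and cannot serve as the server keystore, whichever keystore type is configured.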