tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert J. Sanford, Jr." <>
Subject RE: Installing IIS Certificates in Tomcat?
Date Mon, 11 Aug 2003 18:41:41 GMT
Okay, using the .pfx file directly and the keystoreType="PKCS12" worked with
no hitches. Well, one minor hitch but that was pilot error on my part. Many


> > That's great advice but it doesn't answer my
> > basic question of whether or not I can import
> > a certificate that was issued based on a
> > request generated by IIS.
> Since I don't use IIS, I don't know the answer.
> However, if you can export the cert in pkcs12
> format (which Windows usually does with the
> "export private key" option), then you should
> be able to use the resulting (either ".p12" or
> ".pfx") file as your keystore.  You need to
> set 'keystoreType="pkcs12"' on the Factory
> element.  Sun's support for pkcs12 is a bit
> limited, so make certain that you only export
> your server's cert, and *not* the signers as
> well.
> Since you are using a Verisign cert, this
> should be enough (since the signer is already
> in cacerts).
> Alternatively, once you have your ".p12" file,
> you can use OpenSSL or otherwise to split it
> out into a private-key and certificate file.
> You can then use the program at
> to
> import them.

View raw message