tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert J. Sanford, Jr." <rsanf...@trefs.com>
Subject RE: Installing IIS Certificates in Tomcat?
Date Mon, 11 Aug 2003 18:41:41 GMT
Okay, using the .pfx file directly and the keystoreType="PKCS12" worked with
no hitches. Well, one minor hitch but that was pilot error on my part. Many
thanks!

rjsjr

> > That's great advice but it doesn't answer my
> > basic question of whether or not I can import
> > a certificate that was issued based on a
> > request generated by IIS.
>
> Since I don't use IIS, I don't know the answer.
> However, if you can export the cert in pkcs12
> format (which Windows usually does with the
> "export private key" option), then you should
> be able to use the resulting (either ".p12" or
> ".pfx") file as your keystore.  You need to
> set 'keystoreType="pkcs12"' on the Factory
> element.  Sun's support for pkcs12 is a bit
> limited, so make certain that you only export
> your server's cert, and *not* the signers as
> well.
>
> Since you are using a Verisign cert, this
> should be enough (since the signer is already
> in cacerts).
>
> Alternatively, once you have your ".p12" file,
> you can use OpenSSL or otherwise to split it
> out into a private-key and certificate file.
> You can then use the program at
> http://www.comu.de/docs/tomcat_ssl.htm to
> import them.


Mime
View raw message