tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jay Garala" <...@electrosoft-inc.com>
Subject RE: SSL/Verisign Confusion
Date Fri, 05 Sep 2003 13:11:33 GMT
Try the Java keytool help:
 http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

Tomcat how-to:
 http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

If you have OpenSSL:
 http://forum.java.sun.com/thread.jsp?forum=2&thread=4240

Jay
-----Original Message-----
From: Dave Wood [mailto:dave@woodtopia.org] 
Sent: Friday, September 05, 2003 1:04 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

Thanks Bill.  I think this highlights something I'm really not
understanding...

Didn't I generate an important "private key" somewhere along the line that I
can't just regenerate if I blow away my keystore?  I assumed the certificate
I got back from verisign would only work if I still had the original private
key I generated before sending them my request.  Is that wrong?

(I'll take a look at the link you sent...at first glance, it looks a little
hard to follow, but hopefully not).

Thanks again.

Dave

-----Original Message-----
From: news [mailto:news@sea.gmane.org]On Behalf Of Bill Barker
Sent: Thursday, September 04, 2003 11:06 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: SSL/Verisign Confusion


Firstly, it looks like you should wipe you keystore and start again.  To use
a VS cert with Tomcat, the two options I know are:
1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm.
2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and
use that as your keystore (remember to set 'keystoreType="pkcs12"' on the
Factory in server.xml).


"Dave Wood" <dave@woodtopia.org> wrote in message
news:EBEBKKMEAECJFOHFOLHLIELKCIAA.dave@woodtopia.org...
> I'm having a problem getting an SSL certificate from Verisign working
> correctly.  I'm going to include everything I can think of that MIGHT be a
> problem.  Unfortunately, there are a couple things I can't quite remember
> for certain.  Here's the situation:
>
> 1. I generated the initial key using an alias other than "tomcat" (we'll
> call it "company")
> 2. I generated the CSR and sent it to verisign.  I still have this file.
> 3. Verisign changed the company name during the verification process (from
> an acronym to the full spelling of the name)
> 4. I now have the certificate that they sent back after the validation
> process.
> 5. One thing I can't account for is why when I see this:
>
> $ keytool -list
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 4 entries: (...others removed...)
>
> company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
> Certificate fingerprint (MD5):
> 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really
> 0's)
>
> ...I think I must have self-signed or something (I was doing a couple of
> these things and don't recall exactly), but I'm surprised to see
> "trustedCertEntry" here.
>
> The problem I'm having is this:
>
> $ keytool -import -trustcacerts -alias company -file public.crt
> Enter keystore password: xxx
> keytool error: java.lang.Exception: Certificate not imported, alias
> <company> already exists
>
> (but I'm thinking it should be REPLACING this entry, so the fact that it
> exists shouldn't be a problem???)
>
> So, I have several questions:
>
> 1. Am I hosed completely because I didn't use "tomcat" as the alias?
> 2. How does the private key get stored exactly?  I assume that if I delete
> the current entry for the "company" alias, I'll be losing the private key,
> right?
> 3. Can someone provide steps I should take to get this working given what
I
> have said above.
>
> Thanks so much in advance.  Sorry to be so long-winded.
>
> -Dave
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




Mime
View raw message