tomcat-users mailing list archives

From "Jay Garala" <>
Subject RE: SSL/Verisign Confusion
Date Fri, 05 Sep 2003 16:06:58 GMT
Is public the one returned from Verisign or is it the Verisign's CA Cert?

If you want, try the following to see if the cert exists within JDK trusted
Execute from jdk\jre\lib\security Directory

keytool -list -keystore cacerts -storepass changeit


-----Original Message-----
From: Dave Wood [] 
Sent: Thursday, September 04, 2003 11:12 PM
To: Tomcat Email List
Subject: SSL/Verisign Confusion

I'm having a problem getting an SSL certificate from Verisign working
correctly.  I'm going to include everything I can think of that MIGHT be a
problem.  Unfortunately, there are a couple things I can't quite remember
for certain.  Here's the situation:

1. I generated the initial key using an alias other than "tomcat" (we'll
call it "company")
2. I generated the CSR and sent it to Verisign.  I still have this file.
3. Verisign changed the company name during the verification process (from
an acronym to the full spelling of the name)
4. I now have the certificate that they sent back after the validation
5. One thing I can't account for is why when I see this:

$ keytool -list

Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries: (...others removed...)

company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
Certificate fingerprint (MD5):
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really

...I think I must have self-signed or something (I was doing a couple of
these things and don't recall exactly), but I'm surprised to see
"trustedCertEntry" here.

The problem I'm having is this:

$ keytool -import -trustcacerts -alias company -file public.crt
Enter keystore password: xxx
keytool error: java.lang.Exception: Certificate not imported, alias
<company> already exists

(but I'm thinking it should be REPLACING this entry, so the fact that it
exists shouldn't be a problem???)

So, I have several questions:

1. Am I hosed completely because I didn't use "tomcat" as the alias?
2. How does the private key get stored exactly?  I assume that if I delete
the current entry for the "company" alias, I'll be losing the private key,
3. Can someone provide steps I should take to get this working given what I
have said above.

Thanks so much in advance.  Sorry to be so long-winded.

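Added example (not part of either message above, and not Tomcat or JDK project code): keytool treats "-import" on an alias that holds a private key as a certificate reply, but refuses an alias that already exists as a trustedCertEntry, which is the error quoted in the thread. The script reads "keytool -list" output and reports which case an alias falls into; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `keytool -list` output (not copied from the thread).
# Old JDKs print "keyEntry" for a private key, newer ones "PrivateKeyEntry".
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00
tomcat, Aug 22, 2003, keyEntry,
Certificate fingerprint (MD5): 11:11:11:11'

# Print the entry type listed for alias $1 (listing on stdin).
# Returns 1 and prints nothing if the alias is not in the listing.
alias_entry_type() {
    awk -F', *' -v want="$1" '
        # Entry lines are "<alias>, <date>, <type>,". The date may contain a
        # comma, so the type is taken as the last non-empty field.
        NF >= 3 && tolower($1) == tolower(want) {
            n = NF
            while (n > 1 && $n == "") n--
            print $n
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Report how `keytool -import -alias $1 -file <cert>` will treat the file.
import_outcome() {
    etype=$(alias_entry_type "$1") || { echo "new-trusted-cert"; return 0; }
    case "$etype" in
        # Private key present: cert is a reply to the CSR, key is kept.
        keyEntry|PrivateKeyEntry) echo "certificate-reply" ;;
        # Certificate only, no key under this alias: import is rejected.
        trustedCertEntry)         echo "alias-already-exists" ;;
        *)                        echo "unknown:$etype" ;;
    esac
}

printf '%s\n' "$SAMPLE_LISTING" | import_outcome company
```

Against a real keystore, pipe the output of "keytool -list -keystore <file>" into import_outcome instead of the sample text.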