tomcat-users mailing list archives

From Adam Hardy <>
Subject Re: [HELP!] Which key alias names to use for SSL?
Date Sat, 11 Oct 2003 20:51:01 GMT
On 10/11/2003 09:08 PM Sonny Sukumar wrote:
> [I sent this once before, but got no response, and I'm not sure what to 
> do.  Thanks in advance.]
> Hi guys,
> I'm trying to set up my Tomcat (4.1.27) server to work with SSL.  I got a 
> CA-signed cert to go with my private key and CA root cert, but I'm 
> confused as to how to name the alias for the CA-signed-cert and my 
> private key.
> The Tomcat SSL How-To is confusing me, because it says to give the 
> "tomcat" alias to both the private key and the CA-signed key.  I tried 
> it and it overwrote my private key (luckily I made a backup of my 
> keystore).
> I'm looking at this documentation:
> It also doesn't seem possible to configure the alias names in 
> server.xml.  So what alias names should I use? :-)

Hi Sonny,
the following is from a thread I kept since I knew I would need it one 
day. There's more in the list archives in this thread if you need it 
(sorry don't have the link to the thread):


I still don't know what I did wrong in the first place, but after 
starting over with VeriSign, all is well now.  I thought I'd share the 
(simple!) steps I took to get SSL running using keytool/tomcat in case 
anyone else might find this useful:

# keytool -genkey -alias tomcat -keyalg RSA
[enter a password and all necessary information, then just <enter> at 
next password prompt]
# cp ~/.keystore ~/.keystore-backup
# keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr
[enter same password]
[give contents of certreq.csr to VeriSign and wait for response...]
[NOTE: when asked to select my server software, I chose "apache" since they
didn't have Tomcat in their list...I don't know if this matters, but it
# keytool -import -trustcacerts -file intermediate.crt -alias root
[enter same password]
[NOTE: intermediate.crt is the file found here:]
# keytool -import -trustcacerts -file public.crt -alias tomcat
[enter same password]
[where public.crt is the certificate sent from VeriSign after they complete
their approval process]
[finally, edit ...tomcat/conf/server.xml and enable the SSL connector
section, adding keystorePass="[password]"
as an attribute to the Factory tag]

Hope this helps.

Thanks to all who provided suggestions along the way.

struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
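
A check to run after the import steps above, as an added example that is not part of the original thread: it reads `keytool -list -v` output and reports whether the alias still holds the private key and whether a CA chain is installed on it. The function name, the keystore path in the comment and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `keytool -list -v` output on stdin
# and reports whether the given alias still holds the private key and whether
# a CA-signed chain has been installed on it.
# Typical use (keystore path is an assumption):
#   keytool -list -v -keystore "$HOME/.keystore" | check_alias tomcat
check_alias() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^Alias name: / { cur = tolower(substr($0, 13)) }
        cur == want && /^Entry type: /               { type = $3 }
        cur == want && /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") { print "missing"; exit 3 }
            # Old JDKs print keyEntry, newer ones PrivateKeyEntry.
            if (type != "PrivateKeyEntry" && type != "keyEntry") {
                print "no-private-key"; exit 2
            }
            # A chain of 1 is treated here as "still the self-signed cert".
            if (len + 0 < 2) { print "self-signed-only"; exit 1 }
            print "ok chain=" len
        }'
}

# Constructed sample: state expected after both imports succeeded.
sample_good() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
EOF
}

# Constructed sample: alias holds only a certificate, no key.
sample_cert_only() {
cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
EOF
}

sample_good      | check_alias tomcat          # ok chain=2
sample_cert_only | check_alias tomcat || true  # no-private-key
```

A result other than `ok` means the connector would serve either no key at all or the original self-signed certificate, so restore the keystore backup before retrying the import.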
