tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Slavik Markovich" <Slavik.Markov...@orange.co.il>
Subject RE: problems with adding Verisign root certificate to keystore
Date Wed, 14 Jan 2004 08:34:20 GMT
Just bumped into this problem myself.
Didn't know that the ImportKey code exists so had to write my own :-(.
I think that your problem is (based on the problem I had) that when you
use ImportKey on the certificate you received from Verisign, you don't
have a certificate chain to the intermediate CA. The simplest solution
that worked for me was to edit the certificate from verisign and paste
the intermediate certificate after your certificate thus creating the
certificate chain.
-----BEGIN CERTIFICATE-----
Your certificate here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Verisign intermediate certificate here
-----END CERTIFICATE-----

I think that the only reason it worked so far was that the intermediate
certificate exists in IE predefined certificates (cached there under
Tools->Internet Options->Content->Certificates->Intermediate Certificate
Authorities).

Hope that helps,

Slavik.

-----Original Message-----
From: Jorrit Kronjee [mailto:jorrit@infopact.nl]
Sent: Monday, January 12, 2004 12:08 PM
To: tomcat-user@jakarta.apache.org
Subject: problems with adding Verisign root certificate to keystore


Dear list,

I've been browsing to the archives a bit, but I couldn't find what i am 
looking for, so I'll ask here.

Since the expiration of one of the Verisign certificates, the SSL 
certificate on our Tomcat server is no longer valid. Back then I 
imported the key and certificate with ImportKey from 
http://www.computer-mutter.de/docs/tomcat_ssl/comu/ImportKey.java

That still works, but somehow I can't add the new Verisign certificate 
too. I've tried adding it with alias "root" through keytool, but it 
doesn't seem to work. I also added the new certificates from Verisign to

cacerts as 
http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0&doc=fsalert/57436 
suggests. What am I doing wrong?


Thanks in advance,


Jorrit



-- 
InfoPact Netwerkdiensten B.V.
http://www.infopact.nl/

Emmastraat 11-13
3255 BD Oude Tonge
tel. +31(0)187-64 77 11
fax. +31(0)187-64 77 99


---------------------------------------------------------------------------------------------------------------
This message contains information that may be confidential or privileged.
If you are not the intended recipient, you may not use, copy or disclose
to anyone any of the information in this message. If you have received
this message and are not the intended recipient, kindly notify the sender
and delete this message from your computer.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message