tomcat-users mailing list archives

From Ignacio Barrancos Martinez <ignacio.barran...@carm.es>
Subject Re: Conflict openssl versus keytool
Date Tue, 27 Jan 2004 09:02:27 GMT
On Sat, 24-01-2004 at 07:49, Bill Barker wrote:
> I sound like a broken record here :)
> There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your
> OpenSSL certs into a JKS keystore.  Alternatively, the ssl_howto for TC 5.x
> contains an example of how to configure a PKCS12 keystore from an OpenSSL
> keystore.
> 

Thanks, thanks a lot, it works fine :-)
Thank you very much.

Ignacio


> "Ignacio Barrancos Martinez" <ignacio.barrancos@carm.es> wrote in message
> news:1074877801.5736.22.camel@PC1024...
> > Hi all,
> >
> >   I am running two web servers on the same Linux machine.
> > 1) is running Apache 1.3.19 and,
> > 2) Jakarta-Tomcat-4.0.5.
> >
> > I have been able to successfully import and configure a Digital
> > Certificate from Verisign into the Apache web server.
> >
> > When I attempt to import the Digital Certificate into the keystore for
> > Tomcat I receive the following error
> > message:
> >
> > keytool error: java.lang.Exception: Public keys in reply and keystore
> > don't match
> >
> > Here are the steps that I have been following:
> >
> > To generate the original CSR:
> >
> > # openssl req -new -nodes -keyout private.key -out public.csr
> > # openssl rsa -in private.key -des3 -out secureprivate.key
> >
> > To import the file into Tomcat I did the following:
> >
> > # keytool -genkey -alias tomcat -keyalg RSA
> > (This created the keystore in the home directory)
> >
> > # keytool -import -alias root -keystore .keystore -trustcacerts \
> >   -file /etc/httpd/ssl.crt/intermediate.crt
> > (The chain certificate from Verisign)
> >
> > # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file
> > /etc/httpd/ssl.crt/server.crt
> > Enter keystore password:  changeit
> >
> > QUESTIONS:
> > ==========
> > 1) Is there a way to import this CA certificate into a keystore that was
> > generated using keytool, when the original CSR was generated using
> > OpenSSL?
> >
> > 2) Can I import an RSA key generated with OpenSSL into a new keystore made
> > with keytool? I want to import the server.crt (signed by Verisign) into
> > my keystore using keytool.
> >
> > -> I have read
> > http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2
> > and I have done all the steps until Step 11. Using IExplorer 6 (Windows XP
> > SP1) going to jakarta's app url, the browser can't find the site, and at the
> > bottom of the page it shows a little message: "Can't find the name server in
> > DNS" (without error number), but the same URL using Mozilla shows the
> > validate Certificate window.
> >
> > Thanks in advance,
> > Ignacio Barrancos
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
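
The keytool error quoted in the original question means the certificate was issued for the OpenSSL key behind the CSR, not for the key pair that `keytool -genkey` created. The script below is an added example (not from the thread or the Tomcat documentation) that checks this pairing with `openssl` alone and bundles a matching key and certificate as PKCS12; the function names, file names and the self-signed stand-in certificate are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; every key and certificate is a throwaway built in a temp dir.

# PEM public key held in a private key file / in a certificate.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 = certificate was issued for this key, 1 = different key, 2 = unreadable.
key_matches_cert() {
    local k c
    k=$(key_pub "$1") || return 2
    c=$(cert_pub "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate as PKCS12, refusing a mismatched pair.
# Arguments: key file, cert file, output file, alias, store password.
make_p12() {
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" -passout "pass:$5"
}

# Public key of the certificate stored in a PKCS12 file (args: file, password).
p12_pub() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey
}

# Constructed demo: csr.key plays the OpenSSL key behind the CSR, server.crt is
# a self-signed stand-in for the CA reply, other.key plays keytool's own pair.
demo() {
    local d
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days 1 -keyout "$d/csr.key" -out "$d/server.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    key_matches_cert "$d/other.key" "$d/server.crt" \
        && echo "other.key: match" || echo "other.key: mismatch (keytool's error)"
    key_matches_cert "$d/csr.key" "$d/server.crt" \
        && echo "csr.key: match" || echo "csr.key: mismatch"
    make_p12 "$d/csr.key" "$d/server.crt" "$d/tomcat.p12" tomcat changeit \
        && echo "wrote $d/tomcat.p12"
}

demo
```

Tomcat's SSL connector can read a file produced this way when its `keystoreType` is set to `PKCS12`.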

