tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oily Pakora <>
Subject RE: problems with adding Verisign root certificate to keystore
Date Wed, 14 Jan 2004 23:33:46 GMT
You all might want to try the following to fix the keystore issue.  It involves using
your IE browser on Windows to import both the certificate and the intermediate CA.  Then
you export the certificate as a PCKS#7:

1) Copy the base64 file (including the begin and end header/footers) to your desktop and
give it a .cer extension.  Double-click on the file and Windows will open it up.  Click
on the "Install Certificate" button to install the certificate into your CAPI store.  You
can accept all the defaults during the certificate import prompts.

2) Grab the new VeriSign CA cert from:

3) Copy the base64 intermediate CA to a file, like you did in Step 1.  Also click the
"Install Certificate" button to install the certificate to the CAPI store, like you did
in step 1.

Now you have both the certificate and the intermediate CA inside your CAPI store.

4) Next, in MSIE, click on Tools->Internet Options.  Go to the Content tab and click on
the Certificates button.  Click on the "Other People" tab and find the certificate you
imported in step 1.  Highlight that certificate and click the Export button.  The first
option in the wizard - you need to select the PCKS7 radio button and check the box
underneath that states "Include all certificates in the chain" or something like that. 
Follow the remaining prompts and save the resulting PKCS7 file on your machine somewhere.

This file is now a PCKS#7 BINARY file.  You need to convert it to base64 now.

5) Download the base64 command line tool from: 
There is a Windows .zip file that contains a precompiled program you can use.  The source
is also there if you want to compile it.

6) Extract the .exe file in the ZIP and also copy the PKCS#7 file you created in step 4
to the same directory.

7) Run the command "base64 -e pkcs7file.p7b base64file.txt"  
This will create a base64 version of the file

8) Edit the .txt file and add a header of:
-----BEGIN PKCS7-----
and a footer of:
-----END PKCS7-----

9) You should be able to import the cert using keytool.

Oily Pakora

Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message