tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oily Pakora <oilypak...@yahoo.com>
Subject RE: problems with adding Verisign root certificate to keystore
Date Wed, 14 Jan 2004 23:38:50 GMT
Wanted to note that the file referenced in step 1 is the base64 file containing your
server cert, such as www.blah.com 

--- Oily Pakora <oilypakora@yahoo.com> wrote:
> You all might want to try the following to fix the keystore issue.  It involves using
> your IE browser on Windows to import both the certificate and the intermediate CA. 
> Then
> you export the certificate as a PCKS#7:
> 
> 1) Copy the base64 file (including the begin and end header/footers) to your desktop
> and
> give it a .cer extension.  Double-click on the file and Windows will open it up.  Click
> on the "Install Certificate" button to install the certificate into your CAPI store.

> You
> can accept all the defaults during the certificate import prompts.
> 
> 2) Grab the new VeriSign CA cert from:
> https://www.verisign.com/support/install/intermediate.html
> 
> 3) Copy the base64 intermediate CA to a file, like you did in Step 1.  Also click the
> "Install Certificate" button to install the certificate to the CAPI store, like you did
> in step 1.
> 
> Now you have both the certificate and the intermediate CA inside your CAPI store.
> 
> 4) Next, in MSIE, click on Tools->Internet Options.  Go to the Content tab and click
on
> the Certificates button.  Click on the "Other People" tab and find the certificate you
> imported in step 1.  Highlight that certificate and click the Export button.  The first
> option in the wizard - you need to select the PCKS7 radio button and check the box
> underneath that states "Include all certificates in the chain" or something like that.

> Follow the remaining prompts and save the resulting PKCS7 file on your machine
> somewhere.
> 
> This file is now a PCKS#7 BINARY file.  You need to convert it to base64 now.
> 
> 5) Download the base64 command line tool from: http://www.fourmilab.ch/webtools/base64/
> 
> There is a Windows .zip file that contains a precompiled program you can use.  The
> source
> is also there if you want to compile it.
> 
> 6) Extract the .exe file in the ZIP and also copy the PKCS#7 file you created in step
4
> to the same directory.
> 
> 7) Run the command "base64 -e pkcs7file.p7b base64file.txt"  
> This will create a base64 version of the file
> 
> 8) Edit the .txt file and add a header of:
> -----BEGIN PKCS7-----
> and a footer of:
> -----END PKCS7-----
> 
> 9) You should be able to import the cert using keytool.
> 
> Regards,
> Oily Pakora
> 
> 
> 
> 
> 
> __________________________________
> Do you Yahoo!?
> New Yahoo! Photos - easier uploading and sharing.
> http://photos.yahoo.com/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message