tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Dai>
Subject Re: SSL certs
Date Thu, 16 Sep 2004 02:02:30 GMT
On 9/15/2004 6:04 AM, SH Solutions wrote:

> I want to install SSL to my tomcat server.
> I do have a signed ceritificate as .key, .csr and .crt files.
> How do I get tomcat to use these?

I'd assume those files are in PEM format. Then you can use openssl to 
convert the .key and .crt files to PKCS12 format (usually .p12 or .pfx), 
which is the other keystore format java recognizes besides its 
proprietary JKS format.

But, there's a catch. If your cert is not signed by a root CA but by an 
intermediate CA, you'll need to include the whole certification chain as 
well in the converted keystore. Not only that, you will need to give 
each of the certificate a name (alias in keytool's term) when doing the 
conversion and they need to be in a particular order (from bottom - your 
cert - to top, IIRC), otherwise, the chain wouldn't be recognized by 
java. So, as long as you can see the chain from 'keytool -list' command, 
you're set.


Dennis Dai

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message