Message-ID: <4148F436.8030506@ddai.net>
Date: Wed, 15 Sep 2004 19:02:30 -0700
From: Dennis Dai
To: Tomcat Users List
Subject: Re: SSL certs
References: <20040915130513.68DC25CC61@mail.ddai.net>
In-Reply-To: <20040915130513.68DC25CC61@mail.ddai.net>

On 9/15/2004 6:04 AM, SH Solutions wrote:

> I want to install SSL to my tomcat server.
> I do have a signed certificate as .key, .csr and .crt files.
> How do I get tomcat to use these?

I'd assume those files are in PEM format. Then you can use openssl to
convert the .key and .crt files to PKCS12 format (usually .p12 or .pfx),
which is the other keystore format Java recognizes besides its
proprietary JKS format.

But, there's a catch. If your cert is not signed by a root CA but by an
intermediate CA, you'll need to include the whole certification chain as
well in the converted keystore. Not only that, you will need to give
each of the certificates a name (alias in keytool's term) when doing the
conversion and they need to be in a particular order (from bottom - your
cert - to top, IIRC), otherwise, the chain wouldn't be recognized by
Java.

So, as long as you can see the chain from 'keytool -list' command,
you're set.

HTH,

-- 
Dennis Dai
ml@ddai.net
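
The conversion and chain check described in the message above, as an added example that is not part of the original post. It assumes an unencrypted PEM key and a chain file ordered from intermediate to root; the file names, the alias "tomcat", the passwords and the helper functions (including the constructed test chain) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: unencrypted PEM
# key, chain file ordered intermediate -> root, made-up names and passwords.

# make_demo_chain DIR: constructed root -> intermediate -> server test certs.
make_demo_chain() {
  ( cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=x\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
    openssl req -x509 -config demo.cnf -extensions v3_ca -newkey rsa:2048 \
      -nodes -keyout root.key -out root.crt -subj '/CN=Constructed Root CA' -days 2 &&
    for n in inter server; do
      openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
        -keyout "$n.key" -out "$n.csr" -subj "/CN=constructed-$n" || exit 1
    done &&
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
      -CAcreateserial -extfile demo.cnf -extensions v3_ca -out inter.crt -days 2 &&
    openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key \
      -CAcreateserial -out server.crt -days 2 &&
    cat inter.crt root.crt > chain.pem
  ) >/dev/null 2>&1
}

# make_p12 KEY CERT CHAIN OUT ALIAS PASS: build the PKCS12 keystore.
make_p12() {
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  # A key that does not belong to the certificate yields a useless keystore.
  [ "$kpub" = "$cpub" ] || { echo 'key does not match certificate' >&2; return 1; }
  # The server certificate must chain to the root through the supplied file.
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
    { echo 'chain does not verify' >&2; return 1; }
  # -name sets the alias shown for the key entry. pass: exposes the password
  # in the process list; prefer env: or file: outside a demo.
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name "$5" -passout "pass:$6" -out "$4"
}

# p12_subjects P12 PASS: certificate subjects in stored order (server first).
p12_subjects() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep '^subject'
}

# With a JDK installed, the check named in the message is:
#   keytool -list -v -storetype PKCS12 -keystore tomcat.p12
```
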