tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pulkit Singhal" <>
Subject Re: Regarding SSL (http-https) installation or importing the trusted certificate
Date Fri, 01 Sep 2006 23:15:13 GMT
1) I am pretty sure that you can specify the alias that you want your tomcat
"connector" (https in this case) to use in the server.xml file so you don't
HAVE to name your alias "tomcat" it can be whatever you want
2) I am pretty sure you don't need to have your CSR in your keystore for any
SSL functionality. A CSR (i feel) has served its usefulness once you have
your CA signed cert in your hands.
3) I hope you know that the CA's cert needs to go into the JVM which your
tomcat uses. So somewhere in JVM_HOME/lib/security/cacerts file. I would
think the same for all the intermediates.

On 9/1/06, keyur sheth <> wrote:
> Hi everybody,
>                      I am trying to convert the tomcat container from http
> to https. But I want to do it by installing the trusted certificate. So I
> wanted to know how would you install the trusted certificate into your
> keystore.
>                      First of all I created the CSR and send it to the CA
> who will sign the CSR and returned me a chain of certificates. One is root
> certificate, intermediate certifcate and the CSR signed certificate. So I
> created the CSR with alias tomcat. Now I have a confusion of how should I
> install or import the certificate into the keystore. I can import the root
> certificate by creating the alias root, the chain certificate by creating
> the alias chain. But the confusion I have is do I have to import the CSR
> signed certificate using the alias tomcat only. Will it not tell that tomcat
> alias already exists? .. And if the alias are different does it matter while
> importing the certificate?....
>                       Waiting for your reply.
>   Thanking you,
>   Keyur
> ---------------------------------
> How low will we go? Check out Yahoo! Messenger's low  PC-to-Phone call
> rates.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message