tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Friebel" <>
Subject RE: Need help w/ installing certificate.
Date Tue, 14 Nov 2006 23:32:56 GMT
When you create a keystore, you get prompted with information regarding
your server.  This is your server certificate, and it identifies your
server to other users.

You would have created a certificate sign request that you sent to your
CA to get your certificate signed.  You sign your certificate so as
others that trust your CA know that they can trust you.  When you have a
signed certificate, you need to import the CA certificate into your
keystore to enable a trust chain.

Once you have imported the CA certificate, then you need to import your
signed certificate into your keystore (ensure you use the same alias
when you created your certificate).  You keystore should list this
certificate as the 'keyEntry' when you list your keystore, and this will
be the certificate presented to users when they access your server using

Do not forget to enable tomcat to use SSL in the server.xml file.  It
may be a good idea for you to do internal testing using self signed
certificates to understand them before getting them signed by a CA.

Andrew Friebel

-----Original Message-----
From: Andy Tipton [] 
Sent: Tuesday, 14 November 2006 11:42 AM
To: 'Tomcat Users List'
Subject: Need help w/ installing certificate.

            I have my real certificate downloaded.  I am trying to
it into my keystore so that is the one to be used. however, I am can't
it to work.  Please help!!  
            I am running these commands but I cannot get the keystore to
look at the new certificate..
C:\Program Files\Java\jdk1.5.0_05\bin>keytool -import -alias intermed
-keystore .keystore -trustcacerts -file sf_issuing.crt
C:\Program Files\Java\jdk1.5.0_05\bin>keytool -import -alias tomcat5
-keystore .keystore -trustcacerts -file
I have tried creating a new '.keystore', but no luck.  
Could someone please help!! I am running out of ideas.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message