tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Diedler <>
Subject Renew SSL with Keytool for Tomcat 6.0.16
Date Mon, 01 Jun 2009 10:43:14 GMT
I have done everything as a do for the initial creating of certificate but it doesn´t works.
First If i try to import the new X.509 cert into the Keystore (with the existing SSL cert
for tomcat) there is an error like the public key doesn´t match the keystore.

If i remove all certs from the keystore and import the trustedCA and the new SSL cert the
file is to small (all other working .kdb files habe 4 KB, but the new has only 2KB) and if
I try to open a SSL site with the new cert, nothing happens (no error, the loading was indicated
bottom left in the status bar but no progress for 10 minutes).
Here the new and old Keystore. There is a difference between the type of the first certificate.
The original old expired cert is type "PivateKeyEntry" the current re-new and re-import SSL
is type "trustedCertEntry" Why? It that the problem? What we are doing wrong? We use the same
CSR for the re-new as for the initial import and buying.

Keystore-Typ: JKS
Keystore-Provider: SUN
Ihr Keystore enthõlt 2 Eintrõge.
tomcat, 25.05.2009, trustedCertEntry,
Zertifikatsfingerabdruck (MD5): 41:B4:AC:B3:4F:F2:B2:67:EB:2F:8F:B3:D2:74:A8:F0
geotrustca, 25.05.2009, trustedCertEntry,
Zertifikatsfingerabdruck (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4

D:\Keystore>c:\Programme\Java\jre1.6.0_06\bin\keytool -list -storepass XXXXXX
-keystore D:\Keystore\www_XXXXXXXX_de.kdb
Keystore-Typ: JKS
Keystore-Provider: SUN
Ihr Keystore enthõlt 2 Eintrõge.
tomcat, 11.06.2008, PrivateKeyEntry,
Zertifikatsfingerabdruck (MD5): 52:6E:74:EB:18:FE:13:61:8C:7C:F5:DA:A3:3D:08:DF
geotrustca, 11.06.2008, trustedCertEntry,
Zertifikatsfingerabdruck (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message