From: Jin H
Subject: Need help with SSL Certificate install on Tomcat 6.0.29 APR.
Date: Tue, 19 Apr 2011 14:54:03 -0700

Hi.

We are a school running Tomcat 6.0.29 for Windows Server 2003 with APR. I currently have an SSL certificate installed. I'm trying to update it with the renewed SSL certificate but I'm having no luck.

Here are the commands I used to create the CSR.

In the jdk1.6.0_17\bin folder I used this command:

    keytool -certreq -keyalg RSA -alias alias2011 -file cert.csr -keystore key2011.key -keysize 2048

It then asks for a password, which I enter.

I generated the CSR and sent it to my SSL vendor. They e-mailed my SSL certificate back to me. But they told me that I had to install 2 intermediate certificate files.

I downloaded primary.crt and secondary.crt files from them.

I then ran this command to import the primary.crt:

    keytool -import -trustcacerts -alias primary -keystore key2011.key -file primary.crt

Then the secondary.crt:

    keytool -import -trustcacerts -alias secondary -keystore key2011.key -file secondary.crt

Finally, the SSL certificate they e-mailed back:

    keytool -import -trustcacerts -alias alias2011 -keystore key2011.key -file 2011.crt

After this I copy the key2011.key and 2011.crt to the root of Tomcat.

I edited server.xml to this:

I didn't know the difference between SSLPassword and keystorePass so I put both in there.

I never put a password for my previous SSL certificate and it worked, so I'm confused why I have to put one in now.

BTW, here is the current server.xml that works with the about-to-expire SSL certificate.

Please help. Thanks in advance.