tomcat-users mailing list archives

From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: SSL Certificate formats, requirements for import into existing keystore
Date Thu, 07 Jul 2011 05:14:10 GMT
Hi Marvin,

Marvin Addison <marvin.addison@gmail.com> wrote:

>> There is some "junk" ("bag attributes") in the file that I don't
>> understand. I am used to just seeing "-----BEGIN CERTIFICATE-----",
>> "-----END CERTIFICATE-----", "-----BEGIN RSA PRIVATE KEY-----",
>> "-----END RSA PRIVATE KEY-----"
>
>As far as I know, keytool can only import certificates in PKCS8
>format.  The "junk" you mentioned may indicate the key is in SSLeay
>format.  You can use OpenSSL to convert from one format to another.
>That said, I'm not aware of _any_ method to import a keypair into a
>keystore using keytool; the private key is inaccessible (with respect
>to import and export) by design.

I think that restriction is gone. At least my Sun JDK 6u12 keytool can import complete PKCS12
files into my Java keystores without a problem. Export works, too.
And u12 is really old now.

Regards
 Felix
>
>You should probably determine whether you actually need the private
>key before proceeding.  Sounds like you're doing SSL offloading, but
>that shouldn't necessarily require using the same keypair on both the
>LB and endpoint.
>
>M
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
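
Added example, not part of the original messages: the "Bag Attributes" lines discussed in this thread are the text that `openssl pkcs12` writes around each PEM block when it dumps a PKCS#12 file. The Python code below separates those lines from the PEM blocks and reports what each block holds based on its BEGIN label; the sample input and the names `split_pem`, `strip_extra` and `KINDS` are constructed for illustration.

```python
import re

# Constructed sample shaped like text output of `openssl pkcs12`.
# The base64 bodies are placeholders, not real key or certificate data.
SAMPLE = """\
Bag Attributes
    friendlyName: tomcat
    localKeyID: 01 02 03 04
subject=/CN=www.example.test
issuer=/CN=Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: tomcat
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgS0VZ
-----END RSA PRIVATE KEY-----
"""

# PEM label -> what the block holds
KINDS = {
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "traditional (PKCS#1) RSA private key",
    "PRIVATE KEY": "PKCS#8 private key, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 private key, encrypted",
}
# A block runs from a BEGIN line to the END line carrying the same label.
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----\n?", re.S)

def split_pem(text):
    """Return (blocks, extra): PEM blocks as (label, kind) and the non-PEM lines."""
    blocks = [(m.group(1), KINDS.get(m.group(1), "unknown")) for m in BLOCK.finditer(text)]
    extra = [ln for ln in BLOCK.sub("", text).splitlines() if ln.strip()]
    return blocks, extra

def strip_extra(text):
    """Keep only the PEM blocks, dropping bag attributes and subject/issuer lines."""
    return "".join(m.group(0) if m.group(0).endswith("\n") else m.group(0) + "\n"
                   for m in BLOCK.finditer(text))

if __name__ == "__main__":
    blocks, extra = split_pem(SAMPLE)
    for label, kind in blocks:
        print(f"{label}: {kind}")  # labels only, never key material
    print(f"{len(extra)} non-PEM lines ignored")
```
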
