tomcat-users mailing list archives

From Marvin Addison <marvin.addi...@gmail.com>
Subject Re: SSL Certificate formats, requirements for import into existing keystore
Date Wed, 06 Jul 2011 13:58:50 GMT
> There is some "junk" ("bag attributes") in the file that I don't understand. I am used
> to just seeing "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----", "-----BEGIN RSA
> PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"

As far as I know, keytool can only import certificates in PKCS8
format.  The "junk" you mentioned may indicate the key is in SSLeay
format.  You can use OpenSSL to convert from one format to another.
That said, I'm not aware of _any_ method to import a keypair into a
keystore using keytool; the private key is inaccessible (with respect
to import and export) by design.

You should probably determine whether you actually need the private
key before proceeding.  Sounds like you're doing SSL offloading, but
that shouldn't necessarily require using the same keypair on both the
LB and endpoint.

M
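
Added example, not part of the original message and not Tomcat or OpenSSL code: the "bag attributes" text quoted above is what `openssl pkcs12` prints ahead of each PEM block when it dumps a PKCS#12 file. This Python code separates that text from the blocks, reports which encoding each PEM label denotes, and re-emits only the certificates so the private key is not carried along. The function names and the sample input are constructed for illustration.

```python
import base64
import re

# PEM labels as OpenSSL writes them, mapped to the encoding each denotes.
PEM_KINDS = {
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "traditional (PKCS#1) RSA private key",
    "PRIVATE KEY": "PKCS#8 private key, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 private key, encrypted",
}
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
ATTR = re.compile(r"^[ \t]+(friendlyName|localKeyID):[ \t]*(.+?)[ \t]*$", re.M)


def armor(label, der):
    """Wrap DER bytes in PEM armor with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def split_pem_dump(text):
    """One dict per PEM block; text between blocks is read only for attributes."""
    blocks, cursor = [], 0
    for m in BLOCK.finditer(text):
        preamble, cursor = text[cursor:m.start()], m.end()
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        blocks.append({"label": m.group(1),
                       "kind": PEM_KINDS.get(m.group(1), "unknown"),
                       "der": der,
                       "attrs": dict(ATTR.findall(preamble))})
    return blocks


def clean_pem(text, keep=("CERTIFICATE",)):
    """Re-emit only the wanted blocks, dropping attribute text and, by default, keys."""
    return "".join(armor(b["label"], b["der"])
                   for b in split_pem_dump(text) if b["label"] in keep)


# Constructed sample: payload bytes are placeholders, not real key material.
SAMPLE = (
    "Bag Attributes\n    localKeyID: 01 02 03\n    friendlyName: tomcat\n"
    "subject=/CN=example.test\nissuer=/CN=example.test\n"
    + armor("CERTIFICATE", b"constructed placeholder, not a real certificate")
    + "Bag Attributes\n    localKeyID: 01 02 03\nKey Attributes: <No Attributes>\n"
    + armor("RSA PRIVATE KEY", b"constructed placeholder, not a real key")
)

if __name__ == "__main__":
    for blk in split_pem_dump(SAMPLE):
        print(blk["label"], "->", blk["kind"], blk["attrs"])
```

A legacy encrypted key block carries `Proc-Type`/`DEK-Info` header lines inside the armor; this parser rejects such a block with a base64 error instead of decoding it.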
