tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <>
Subject Re: New development, Re: More, Re: Problem bringing up SSL with a CA certificate
Date Mon, 23 Jan 2012 09:52:46 GMT

On 19.1.2012 18:05, James Lampert wrote:
>> You must find keystore with earlier generated key pair (the one you
>> also used to generate CSR for CA), and import all three certificates
>> into that keystore.
> At this point, I still don't have the keystore used to generate the CSR,
> but I *do* now have the CSR itself. Does that help?

No, it doesn't.

Assuming you are NOT using APR connector, the whole procedure goes like 

1. Generate key pair (public and private key) using keytool -genkeypair. 
Both keys are kept in the keystore.

2. Export public key into CSR, and send it to the CA.

3. Receive signed public key (certificate) from CA, along with any other 
necessary certificates forming keychain.

4. Import all received certificates to the keystore you used in step 1.

If you lost your keystore, that means that you lost private key. You 
need to start from the beginning. Generate new keypair, and send it to 
your CA. Before that, check the revocation procedure with your CA.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message