tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Larose <Justin.Lar...@nexweb.org>
Subject Re: SSL Configuration Errors
Date Tue, 10 Jan 2012 14:11:41 GMT
Ognjen,

> You must use the same keystore and same alias when you:

> 1. generate key,
> 2. generate csr,
> 3. import certificate.
> 
> Example:
> keytool -genkey ... -keystore xxx.jks -alias yyy
> keytool -certreq ... -keystore xxx.jks -alias yyy
> and later
> keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy
> 
> Same keystore, same alias in all three invocations of keytool.

I took screenshots of my actions in doing these steps above. The only 
problem I see is when I created the keystore at first I named it 
wcmdev.keystore and now it seems to be named wcmdev.jks . So I have 
deleted all keystores and will start from scratch again.

Here is what I have entered for creating keystore and CSR request:

C:\Program Files>cd %JAVA_HOME%

C:\Program Files\Java\jre6>cd bin

C:\Program Files\Java\jre6\bin>keytool -genkey -alias tomcat -keyalg RSA 
-keysize 2048 -keystore wcmdev.jks
(I deleted this section)
Enter key password for <tomcat>
        (RETURN if same as keystore password):
Re-enter new password:
C:\Program Files\Java\jre6\bin>keytool -certreq -keyalg RSA -alias tomcat 
-file wcmdev.csr -keystore wcmdev.jks
Enter keystore password:

When I get the new certificate should I only import the certificate? Or do 
I need to import the intermediate and root certificate first?

Thanks,
Justin

******************************************************************************
This email and any files transmitted with it are intended solely for 
the use of the individual or agency to whom they are addressed. 
If you have received this email in error please notify the Navy 
Exchange Service Command e-mail administrator. This footnote 
also confirms that this email message has been scanned for the
presence of computer viruses.

Thank You!            
******************************************************************************


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message