From: Ognjen Blagojevic
To: Tomcat Users List
Date: Mon, 23 Jan 2012 10:52:46 +0100
Subject: Re: New development, Re: More, Re: Problem bringing up SSL with a CA certificate

James,

On 19.1.2012 18:05, James Lampert wrote:
>> You must find keystore with earlier generated key pair (the one you
>> also used to generate CSR for CA), and import all three certificates
>> into that keystore.
>
> At this point, I still don't have the keystore used to generate the CSR,
> but I *do* now have the CSR itself. Does that help?

No, it doesn't. Assuming you are NOT using APR connector, the whole procedure goes like this:

1. Generate key pair (public and private key) using keytool -genkeypair. Both keys are kept in the keystore.
2. Export public key into CSR, and send it to the CA.
3. Receive signed public key (certificate) from CA, along with any other necessary certificates forming keychain.
4. Import all received certificates to the keystore you used in step 1.

If you lost your keystore, that means that you lost private key. You need to start from the beginning. Generate new keypair, and send it to your CA. Before that, check the revocation procedure with your CA.

-Ognjen
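The four steps above, as an added example that is not part of the original message, followed by the lost-keystore case: the same certificates imported into a fresh keystore produce only a trusted-certificate entry with no private key. The aliases, file names, DNs, password and the local throwaway CA that stands in for the real one are all assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original message. Aliases, file names, DNs and
# the password are constructed; a local throwaway CA stands in for the real one.
PASS=changeit

# keytool wrapper: fixed store type and password, output suppressed.
kt() { keytool "$@" -storetype PKCS12 -storepass "$PASS" >/dev/null 2>&1; }

# Succeeds only if alias "tomcat" in keystore $1 is a private-key entry.
has_private_key() {
  keytool -list -alias tomcat -keystore "$1" -storetype PKCS12 \
    -storepass "$PASS" 2>/dev/null | grep -q PrivateKeyEntry
}

# Runs steps 1-4 in directory $1, then repeats the import with no key pair.
build_keystores() {
  d=$1
  # Step 1: generate the key pair; the private key never leaves server.p12.
  kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=www.example.test" -keypass "$PASS" \
    -keystore "$d/server.p12" || return 1
  # Step 2: the CSR carries the public key and subject only.
  kt -certreq -alias tomcat -keystore "$d/server.p12" \
    -file "$d/server.csr" || return 1
  # Step 3 (CA side, simulated): sign the CSR and publish the CA certificate.
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 -ext bc:c \
    -dname "CN=Demo CA" -keypass "$PASS" -keystore "$d/ca.p12" || return 1
  kt -exportcert -alias ca -rfc -keystore "$d/ca.p12" \
    -file "$d/ca.crt" || return 1
  kt -gencert -alias ca -rfc -keystore "$d/ca.p12" \
    -infile "$d/server.csr" -outfile "$d/server.crt" || return 1
  # Step 4: import the chain, then the reply under the key pair's own alias.
  kt -importcert -alias root -noprompt -keystore "$d/server.p12" \
    -file "$d/ca.crt" || return 1
  kt -importcert -alias tomcat -keystore "$d/server.p12" \
    -file "$d/server.crt" || return 1
  # Lost-keystore case: same certificates, fresh keystore, no private key.
  kt -importcert -alias root -noprompt -keystore "$d/fresh.p12" \
    -file "$d/ca.crt" || return 1
  kt -importcert -alias tomcat -noprompt -keystore "$d/fresh.p12" \
    -file "$d/server.crt" || return 1
}
# Usage: d=$(mktemp -d); build_keystores "$d"; has_private_key "$d/server.p12"
```

`has_private_key` succeeds for `server.p12` and fails for `fresh.p12`, where the `tomcat` alias is only a `trustedCertEntry` and cannot serve as the server key.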