tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: Not sure what to make of this, Re: bringing up HTTPS on Tomcat
Date Fri, 05 Oct 2012 16:19:50 GMT
On Thu, Oct 04, 2012 at 11:49:45AM -0700, James Lampert wrote:
> We have a customer (who shall remain nameless), who had previously 
> ignored our instructions and used IBM DCM instead of Keytool to produce 
> a keystore, and had it signed, all the while blissfully ignorant of the 
> fact that none of it would be the least bit compatible with Tomcat.
> I just got an email from that customer, with this puzzling phrase:
> > Had to split it up into a .key and .crt file. This is the output.
> which was followed by the output from a keytool -printcert on the .crt file.
> The -printcert output looks sensible, with 9 "ObjectID" items in it. But 
> what do I make of their comment about having to "split it up"?

My guess would be that they exported the private key and the
corresponding public key certificate into separate files, but someone
is thinking of all that as a single object for some reason.  I have no
idea what DCM is or does.  Maybe it works with PKCS #12 files, which
can carry both parts in a single container.

Unless keytool has changed since the last time I fought with it, there
is no way to tell it to ingest a private key.  But the KeyStore class
it manipulates seems to have the necessary methods, so you should be
able to write something to do that.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

View raw message