tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prashant Shinde" <prashant.shi...@hoonartek.com>
Subject RE: Using a P7B certificate file
Date Wed, 11 Sep 2013 13:05:22 GMT
Hi 

I am getting following error when I try with wget

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.


Thanks & Regards,

Prashant Shinde
Senior Consultant
Hoonar Tekwurks Consulting LLP
email: prashant.shinde@hoonartek.com | cell: +91 98220 38097| desk: +91 20 4900 5204


-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: 11 September 2013 14:22
To: Tomcat Users List
Subject: Re: Using a P7B certificate file

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 9/10/13 6:50 PM, James H. H. Lampert wrote:
> On 9/10/13 2:19 PM, Christopher Schultz wrote:
>> "P7B" is otherwise known as a PKCS#7 file and usually contains a 
>> certificate. Does the file contain *only* a certificate, or does it 
>> also contain the key that was used to generate the CSR? If you have 
>> the cert but not the key, you won't be able to use it for serving 
>> HTTPS.
>> 
>> Let's start with what you've actually got. You said you have a file. 
>> What's in the file?
> 
> Well, from what little I'd read, "A P7B file only contains 
> certificates and chain certificates, not the private key." (from
> <https://www.sslshopper.com/ssl-converter.html>)
> 
> Is there a way it *can* contain the private key as well?
> 
> At any rate, it contains the typical unintelligible block of 
> characters between "BEGIN PKCS7" and "END PKCS7" marks, 98 lines of
> 64 characters and a 99th line of 4 characters, approximately 6kb. I 
> did a bit of futzing around with it, found I could use "keychain 
> access" on my Mac to import it into an empty "keychain" file for 
> inspection, and I found that it it appears to contain a root 
> certificate, an intermediate certificate, and the signed SSL 
> certificate. Looking at it with the corresponding utility on my 
> WinDoze box gives the same result. Unless you know of something else 
> that can inspect a P7B file, I'm guessing that it's just a reply to a 
> CSR, waiting to be installed in the originating keystore.

You could use OpenSSL to inspect it, but I suspect it would give you the same result.

Okay, great: you have a chain of certificates and could, with a bit of effort, convert that
into a Java keystore or a PEM-encoded file for use with OpenSSL (and httpd, tcnative, etc.).

Without the private key, though, you aren't going to get very far. Go back to the client and
tell them that you need that, too.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSMGB1AAoJEBzwKT+lPKRY3V4QALfCpfIut8j3+CMLlYxe2l+d
q9M884k+CaBST5FBCUpGF0sdtBinoPnq9JINDQihBBg1WIJ7kji8CEi5/78ePqmv
7aZcPqZDt2/32+QWX+WNKRJy0IawLJl89DnB2DnnJdb4GaSzrJXPhUwBCzA61wXc
eRjRmKrx8oQTRYDKHp2eaY4HrYFn6tmiU3a6mZKO6NF7bLWyk8vPbEpCO9WXM+fd
SqxwlWqr6JKLyiEmswxhZsHQN7u7Pppr+wMvmRVmnNRRgYzRUT9NKvobd6XyaWau
T4dFlkSMWZqnUctH8L4vmoPm/TBzM6bwqDCSnRg1QCeMvfLeribo2AWzsMXgtvlN
iNdzp9pwKXWhowKcWN+pZxMwUXgkusZEDth0JnA59tZaufWYTMucv2sW7+890kJ6
ZyCOKhfAF7U4gJNuJXy1cFOHpVhsLGFwM/dnOSqzuA7lvf8Duc5jY2Hm7BA69lRT
HwiSyunw2IARcp0nWbEiVKdF1WU2+bzevhk896S2qwWmXwATMc6gy38EnL/TRSpw
QXyXCrglCTl2yt1pbE45+1Zb3CVC8RWsvaSGsFRzPxotTcOEZGwLjv4FtvHOHn4o
1+EP+6oanG43OEKKm6+PHQ1BnDCnko3dKEeSftrHVeW6N3/sLMpjKa/JsKXL8CpZ
mnUDjvnZ3ZLbBuvOncpl
=mDnw
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message