tomcat-users mailing list archives

From "James H. H. Lampert"
Subject Re: Using a P7B certificate file
Date Fri, 13 Sep 2013 21:29:26 GMT
On 9/11/13 5:22 AM, Christopher Schultz wrote:
> Okay, great: you have a chain of certificates and could, with a bit of
> effort, convert that into a Java keystore or a PEM-encoded file for
> use with OpenSSL (and httpd, tcnative, etc.).
> Without the private key, though, you aren't going to get very far. Go
> back to the client and tell them that you need that, too.


(And this is why we discourage our customers from building their own 
keystores: there's enough chance of screwing it up if I do it, and I've 
done it a few times; unless the customer has a Tomcat expert on staff, 
they're going to be as lost as I was the first time.)

We got the customer to send us the originating keystore (on the second 
try!), and the non-default password for it, and I managed to marry it to 
the signed certificate in the P7B file, and get it installed (screwing 
up the syntax of server.xml, the first time I tried to adjust it from 
our choice of keystore name and alias to their choices and their 
non-default password), and finally managed to get it to come up.

Thanks, Mr. Schultz, et al. You were more helpful than you might realize.

James H. H. Lampert
Touchtone Corporation
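
The step described in the message above (attaching the signed P7B reply to the keystore that already holds the private key), as an added example that is not part of the original post. The alias, password, file names and the throwaway test CA are constructed placeholders; it assumes `keytool` and `openssl` are on the PATH.

```shell
#!/bin/sh
# Constructed demo values: placeholders, not taken from the thread.
PASS='changeit-demo'; ALIAS='tomcat'

# Import a PKCS#7 (.p7b) reply onto the key entry that produced the CSR.
# Refuses to run unless the alias already holds a private key, since a
# certificate chain without its key cannot serve TLS.
import_p7b() {  # usage: import_p7b keystore alias password reply.p7b
  keytool -list -v -keystore "$1" -storepass "$3" -alias "$2" 2>/dev/null |
    grep -q 'Entry type: PrivateKeyEntry' ||
    { echo "no private key under alias $2" >&2; return 1; }
  # -noprompt accepts a root that is not yet trusted; in production, check
  # the CA fingerprint (or import the root first) instead of blind-accepting.
  keytool -importcert -noprompt -trustcacerts -keystore "$1" -storepass "$3" \
    -keypass "$3" -alias "$2" -file "$4" >/dev/null 2>&1
}

# Print the number of certificates attached to the key entry.
chain_length() {  # usage: chain_length keystore alias password
  keytool -list -v -keystore "$1" -storepass "$3" -alias "$2" 2>/dev/null |
    sed -n 's/^Certificate chain length: //p'
}

# End-to-end run in a temp dir: key pair, CSR, test CA, P7B reply, import.
demo() {
  d=$(mktemp -d) || return 1
  ks="$d/customer.keystore"
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -dname 'CN=localhost' -validity 30 -keystore "$ks" \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
  keytool -certreq -alias "$ALIAS" -keystore "$ks" -storepass "$PASS" \
    -keypass "$PASS" -file "$d/req.csr" >/dev/null 2>&1 &&
  openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Constructed Test CA' \
    -days 30 -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/req.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/server.pem" >/dev/null 2>&1 &&
  openssl crl2pkcs7 -nocrl -certfile "$d/server.pem" -certfile "$d/ca.pem" \
    -outform DER -out "$d/reply.p7b" &&
  import_p7b "$ks" "$ALIAS" "$PASS" "$d/reply.p7b" &&
  chain_length "$ks" "$ALIAS" "$PASS"   # 1 before the import, 2 after
  rc=$?; rm -rf "$d"; return $rc
}

case "${1:-}" in demo) demo ;; esac
```

The Connector in server.xml then has to name the same keystore file, password and alias (`keystoreFile`, `keystorePass`, `keyAlias`), which is the adjustment the message mentions.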
