tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <jam...@touchtonecorp.com>
Subject Re: Using a P7B certificate file
Date Fri, 13 Sep 2013 21:29:26 GMT
On 9/11/13 5:22 AM, Christopher Schultz wrote:
> Okay, great: you have a chain of certificates and could, with a bit of
> effort, convert that into a Java keystore or a PEM-encoded file for
> use with OpenSSL (and httpd, tcnative, etc.).
>
> Without the private key, though, you aren't going to get very far. Go
> back to the client and tell them that you need that, too.

FINALLY!

(And this is why we discourage our customers from building their own 
keystores: there's enough chance of screwing it up if I do it, and I've 
done it a few times; unless the customer has a Tomcat expert on staff, 
they're going to be as lost as I was the first time.)

We got the customer to send us the originating keystore (on the second 
try!), and the non-default password for it, and I managed to marry it to 
the signed certificate in the P7B file, and get it installed (screwing 
up the syntax of server.xml, the first time I tried to adjust it from 
our choice of keystore name and alias to their choices and their 
non-default password), and finally managed to get it to come up.

Thanks, Mr. Schultz, et al. You were more helpful than you might realize.

--
James H. H. Lampert
Touchtone Corporation

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message