tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <>
Subject RE: Symantec SSL cert in tomcat 6
Date Fri, 03 Jan 2014 23:27:37 GMT
> Gene,
> On 3.1.2014 14:55, Gene Matthews wrote:
> > Thie symantec instructions say to ensure the alias for the ssl cert has an Entry
Type of PrivateKeyEntry.  Mine DOES NOT.  Instructions say if it does not, to please import
the certificate in the “Private Key” alias.
> With JKS keystore you must keep private key and certificates in the same 
> keystore.
MG>Since A pfx that Verisign provides contains key and cert
MG>"Windows servers use .pfx files to contain the public key files (your SSL
 Certificate files, provided by DigiCert) and MG>the associated private key
 file (generated by your server as part of the CSR).
MG>perhaps you are referring to the key/certificate combination in pfx?

 Therefore, you shouldn't import server certificate and inter. 
> certificates into brand new keystore, but into the "old" keystore -- the 
> one you used to create key pair, and to generate CSR.
MG>CSR is the request to CA Authority (verisign ) to sign (digitally identify) this certificate

MG> certificate signing request (also CSR or certification request) is a message sent from
an applicant to a MG>certificate authority in order to apply for a digital identity certificate.
The most common format for CSRs is the MG>PKCS#10 specification
> I find it strange that Symantec/Verisign didn't mention that explicitly 
> in their documentation.
> > It also says to ensure the Certificate chain length is 4.
> Once you import certificates into the right keystore, check that again.
> > PS:  How does one search the archives of this list?  When I browse the archive site
I don’t see a search field anywhere.  So I’ve been googling without coming up with a solution.
it is probably out there but I don’t know enough to recognize it :-(
> Search for "Archives".
> -Ognjen
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message