tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adriano Matos Meier <>
Subject SSL on Tomcat 6
Date Thu, 11 Jun 2015 11:18:12 GMT

I need update the SSL certificate in Tomcat 6.x.

First I did:

1) Generate keystore
keytool -genkeypair -alias repository -keyalg RSA -keysize 2048 -sigalg
SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks

2) Generate CSR
keytool -certreq -alias repository -keyalg RSA -keysize 2048 -sigalg
SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks
-file /usr/local/tomcat6/keystore/request.csr


3) Install intermediate certificate
keytool -import -alias intermed
-keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts
-file intermed.crt

4) Install SSL certificate
keytool -import -alias server
-keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts

I restarted Tomcat and he listen on 8443 normally, but verifying the
fingerprint, it is using the "PrivateKeyEntry" for SSL, not the

I tried to add keyAlias="server" in my server.xml, but I received this

LifecycleException:  service.getName(): "Catalina";  Protocol handler
start failed: Alias name server does not identify a
key entry

The alias of SSL certificate needs to be same of CSR?

What I did wrong?

Can anybody help me?

I appreciate any help!


View raw message