tomcat-users mailing list archives

From Adriano Matos Meier <adri...@powers.com.br>
Subject Re: SSL on Tomcat 6
Date Thu, 11 Jun 2015 13:45:09 GMT
Hi Chris.

It returns 3 entries:

1 PrivateKeyEntry (Private Key) - alias repository
1 trustedCertEntry (Intermediate certificate) - alias intermed
1 trustedCertEntry (SSL certificate) - alias server

Thanks for your attention!

Adriano



On Thu, 2015-06-11 at 09:35 -0400, Christopher Schultz wrote:
> Adriano,
> 
> On 6/11/15 7:18 AM, Adriano Matos Meier wrote:
> > I need to update the SSL certificate in Tomcat 6.x.
> > 
> > First I did:
> > 
> > 1) Generate keystore
> > keytool -genkeypair -alias repository -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks
> > 
> > 2) Generate CSR
> > keytool -certreq -alias repository -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore /usr/local/tomcat6/keystore/keystore2015.jks -file /usr/local/tomcat6/keystore/request.csr
> > 
> > after:
> > 
> > 3) Install intermediate certificate
> > keytool -import -alias intermed -keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts -file intermed.crt
> > 
> > 4) Install SSL certificate
> > keytool -import -alias server -keystore /usr/local/tomcat6/keystore/keystore2015.jks -trustcacerts -file www.domain.com.crt
> > 
> > I restarted Tomcat and it listens on 8443 normally, but verifying
> > the fingerprint, it is using the "PrivateKeyEntry" for SSL, not
> > the "trustedCertEntry".
> > 
> > I tried to add keyAlias="server" in my server.xml, but I received
> > this error:
> > 
> > LifecycleException:  service.getName(): "Catalina";  Protocol
> > handler start failed: java.io.IOException: Alias name server does
> > not identify a key entry
> > 
> > Does the alias of the SSL certificate need to be the same as the CSR's?
> > 
> > What did I do wrong?
> > 
> > Can anybody help me?
> > 
> > I appreciate any help!
> 
> What does "keytool -list" show for that keystore?
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
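
The situation in this thread, as an added example that is not part of the original messages: keytool stores a certificate imported under a new alias as a trustedCertEntry, and treats it as the CA's reply to the CSR (attached to the private key) only when it is imported under the alias of the existing key entry, here `repository`. The shell check below parses `keytool -list` text and confirms that the alias given as keyAlias is a PrivateKeyEntry; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the alias Tomcat is told to use (keyAlias in
# server.xml) is a PrivateKeyEntry before restarting the connector.

# entry_type ALIAS: reads `keytool -list` text on stdin and prints the entry
# type of ALIAS (e.g. PrivateKeyEntry), or nothing if the alias is absent.
entry_type() {
    awk -v want="$1" '
        # Entry lines look like: alias, Jun 11, 2015, PrivateKeyEntry,
        /Entry,[ \t\r]*$/ {
            alias = $0; sub(/,.*/, "", alias)          # text before first comma
            kind = $0
            sub(/,[ \t\r]*$/, "", kind)                # drop trailing comma
            sub(/.*,[ \t]*/, "", kind)                 # keep last field
            if (tolower(alias) == tolower(want)) { print kind; exit }
        }'
}

# check_key_alias ALIAS: 0 = usable as keyAlias, 1 = wrong entry type, 2 = missing.
check_key_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry) echo "OK: '$1' is a PrivateKeyEntry"; return 0 ;;
        "") echo "FAIL: alias '$1' not found in keystore"; return 2 ;;
        *)  echo "FAIL: '$1' is a $kind and holds no private key"; return 1 ;;
    esac
}

# Constructed sample of `keytool -list` output matching the three entries
# reported in the message (fingerprints are placeholders).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

repository, Jun 11, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
intermed, Jun 11, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
server, Jun 11, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}

# Demo on the constructed listing; against a real keystore, pipe
# `keytool -list -keystore <path>` into check_key_alias instead.
for a in repository server; do sample_listing | check_key_alias "$a" || true; done
```
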
