tomcat-users mailing list archives

From Adriano Matos Meier <adri...@powers.com.br>
Subject Re: SSL on Tomcat 6
Date Thu, 11 Jun 2015 19:54:19 GMT
Exactly!

When I run "keytool -list ...", the PrivateKeyEntry now has the
fingerprint of the SSL certificate.

I believed that I had lost the private key, and that I would have to do
it all again (keystore/CSR/intermed/SSL).

I still import the SSL certificate with alias tomcat, and it appears in
keytool as a trustedCertEntry, with the same fingerprint as the
PrivateKeyEntry.

Very crazy, but it works!

:)

On Thu, 2015-06-11 at 15:37 -0400, Christopher Schultz wrote:
> Adriano,
> 
> On 6/11/15 2:31 PM, Adriano Matos Meier wrote:
> > I had success when I re-imported the SSL certificate using the same
> > alias name as the PrivateKeyEntry and the alias name used when I
> > generated the CSR (repository).
> 
> That was going to be my second suggestion.
> 
> This is one more reason why I hate working with Java keystores: you
> have to import the signed certificate /on top of/ a
> previously-generated certificate?
> 
> I don't understand why keytool always wants to create a self-signed
> certificate when you request a CSR. I just want a CSR, independent of
> the key and keystore. :(
> 
> -chris
> 
> > On Thu, 2015-06-11 at 09:59 -0400, Christopher Schultz wrote:
> >> Adriano,
> >> 
> >> On 6/11/15 9:45 AM, Adriano Matos Meier wrote:
> >>>>> I tried to add keyAlias="server" in my server.xml, but I 
> >>>>> received this error:
> >>>> 
> >>>> What does "keytool -list" show for that keystore?
> >>> 
> >>> It returns 3 entries:
> >>> 
> >>> 1 PrivateKeyEntry (Private Key) - alias repository
> >>> 1 trustedCertEntry (Intermediate certificate) - alias intermed
> >>> 1 trustedCertEntry (SSL certificate) - alias server
> >> 
> >> The "keyAlias" attribute is for a key, not a cert.
> >> 
> >> You want:
> >> 
> >> <Connector ... keyAlias="repository" ... />
> >> 
> >> I could have sworn that you could also specify the "alias" of
> >> the certificate, but it looks like maybe not. You may have to
> >> remove the certificate called "server" and instead re-import the
> >> certificate using the alias "tomcat".
> >> 
> >> Try just using keyAlias="repository" first.
> >> 
> >> -chris
> >> 
> >>> On Thu, 2015-06-11 at 09:35 -0400, Christopher Schultz
> >>> wrote:
> >>>>> 
> >>>>> LifecycleException:  service.getName(): "Catalina";
> >>>>> Protocol handler start failed: java.io.IOException: Alias
> >>>>> name server does not identify a key entry
> >>>>> 
> >>>>> Does the alias of the SSL certificate need to be the same as
> >>>>> the CSR's?
> >>>>> 
> >>>>> What did I do wrong?
> >>>>> 
> >>>>> Can anybody help me?
> >>>>> 
> >>>>> I appreciate any help!
> >>>> 
> >>>> 
> >>>> -chris
> >>> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
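
The check this thread converges on, as an added example that is not part of the original messages: a script that reads saved `keytool -list` output, confirms that the alias given to `keyAlias` is a key entry, and tests whether the key entry already carries the signed certificate. The listing is constructed with placeholder fingerprints, the function names are this example's own, and it assumes the English-locale listing with one alias line followed by one fingerprint line.

```shell
# Constructed `keytool -list` output for the keystore as first described in
# the thread; fingerprints are placeholders, not real values.
sample_listing() { cat <<'EOF'
Your keystore contains 3 entries
repository, Jun 11, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA
intermed, Jun 11, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB
server, Jun 11, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): CC:CC:CC:CC
EOF
}

# field ALIAS type|fp FILE: print the entry type or certificate fingerprint
# of ALIAS from a saved listing; exit status 1 if the alias is absent.
# Aliases are compared case-insensitively, as keytool lowercases JKS aliases.
field() {
  awk -v want="$1" -v what="$2" '
    /,[ ]*[A-Za-z]+Entry,?[ ]*$/ {
      alias = $0; sub(/,.*/, "", alias)
      type = $0; sub(/,?[ ]*$/, "", type); sub(/.*,[ ]*/, "", type)
      hit = (tolower(alias) == tolower(want))
      if (hit && what == "type") { print type; ok = 1; exit }
    }
    /^Certificate fingerprint/ && hit { sub(/^[^:]*:[ ]*/, ""); print; ok = 1; exit }
    END { exit !ok }' "$3"
}

# check_key_alias ALIAS FILE: succeed only for a key entry, the kind of
# entry the connector's keyAlias attribute has to name.
check_key_alias() {
  t=$(field "$1" type "$2") || { echo "$1: alias not found"; return 2; }
  [ "$t" = PrivateKeyEntry ] && { echo "$1: key entry"; return 0; }
  echo "$1: $t, does not identify a key entry"; return 1
}

# reply_installed KEYALIAS CERTALIAS FILE: succeed if the key entry carries
# the same certificate as CERTALIAS (the state reported after the re-import).
reply_installed() {
  a=$(field "$1" fp "$3") && [ "$a" = "$(field "$2" fp "$3")" ]
}

f=$(mktemp) && sample_listing > "$f"
check_key_alias server "$f" || true      # trustedCertEntry: rejected
check_key_alias repository "$f"          # PrivateKeyEntry: accepted
reply_installed repository server "$f" || echo "repository: signed certificate not on the key entry"
rm -f "$f"
```

To use it on a real keystore, save the output of `keytool -list -keystore <file>` to a file and pass that file in place of the constructed listing.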
