tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Pease <ape...@articulatesoftware.com>
Subject installing certificates
Date Mon, 09 Oct 2017 20:24:01 GMT
Hi,
   I'm running Tomcat 8.5.23 on an AWS Ubuntu Linux 16.04 LTS 
installation.  I'm trying to follow the instructions at 
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html to get HTTPS 
running under tomcat.  My site runs with a self-signed certificate.  Now 
I'm trying to install a proper certificate from 
https://gethttpsforfree.com/ .  After the rather lengthy process to 
generate the "Signed Certificate" and "Intermediate Certificate" it 
appears I'm ready to follow the instructions under the heading 
"Importing the Certificate".
   My first question is whether there is a difference between the 
certificates mentioned in

- "import a so called Chain Certificate or Root Certificate into your 
keystore"

and

- "After that you can proceed with importing your Certificate."

I was able to execute the command:

keytool -import -alias root -keystore <your_keystore_filename>
     -trustcacerts -file <filename_of_the_chain_certificate>

using a single file that has the "Signed Certificate" and "Intermediate 
Certificate" from gethttpsforfree.  But then I get an error from the 
next command

~$ keytool -import -alias tomcat -keystore .keystore -file chained.pem
Enter keystore password:
keytool error: java.lang.Exception: Certificate reply does not contain 
public key for <tomcat>

When I run

~$ keytool -list -v

I see (in part)

Alias name: tomcat
Creation date: Oct 9, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Adam Pease

I'm very new to certificates.  Could someone point me in the right 
direction?

all the best,
Adam

-- 
-------------------
Adam Pease
http://www.ontologyportal.org
http://www.adampease.org
@apease_ontology on Twitter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message