tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Pease <>
Subject installing certificates
Date Mon, 09 Oct 2017 20:24:01 GMT
   I'm running Tomcat 8.5.23 on an AWS Ubuntu Linux 16.04 LTS 
installation.  I'm trying to follow the instructions at to get HTTPS 
running under tomcat.  My site runs with a self-signed certificate.  Now 
I'm trying to install a proper certificate from .  After the rather lengthy process to 
generate the "Signed Certificate" and "Intermediate Certificate" it 
appears I'm ready to follow the instructions under the heading 
"Importing the Certificate".
   My first question is whether there is a difference between the 
certificates mentioned in

- "import a so called Chain Certificate or Root Certificate into your 


- "After that you can proceed with importing your Certificate."

I was able to execute the command:

keytool -import -alias root -keystore <your_keystore_filename>
     -trustcacerts -file <filename_of_the_chain_certificate>

using a single file that has the "Signed Certificate" and "Intermediate 
Certificate" from gethttpsforfree.  But then I get an error from the 
next command

~$ keytool -import -alias tomcat -keystore .keystore -file chained.pem
Enter keystore password:
keytool error: java.lang.Exception: Certificate reply does not contain 
public key for <tomcat>

When I run

~$ keytool -list -v

I see (in part)

Alias name: tomcat
Creation date: Oct 9, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=Adam Pease

I'm very new to certificates.  Could someone point me in the right 

all the best,

Adam Pease
@apease_ontology on Twitter

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message