Looks like we will be going through apache then.
Or use a utility written in java available with source from
http://www.comu.de.
It doesn't really import but generates a new keystore containing
the cert with priv key. Since you only need one entry for a
ssl server cert (alias tomcat) it is sufficient.
I used it with success.
Gruss,
Wolfgang
-Ursprüngliche Nachricht-
Von: Chris Campbell [mailto:[EMAIL PROTECTED]]
Gesendet: Mittwoch, 27. Februar 2002 07:53
An: 'Tomcat Users List'
Betreff: RE: Tomcat4 standalone keystore - existing private
key problem
To answer my own question and perhaps help someone searching
archives on
similar problems, the page at
http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificate
s/ tells me
Though sufficient for some tasks, a major deficiency of the
keytool utility
is its inability to import a private key. Great. Looks like
we will be
going through apache then.
ChrisC
-Original Message-
From: Chris Campbell
Sent: Monday, February 25, 2002 12:38 PM
To: '[EMAIL PROTECTED]'
Subject: Tomcat4 standalone keystore - existing private key problem
Hi
I am trying to setup Tomcat 4.0.1 standalone to serve ssl
pages certified by
Verisign. I can use (self signed) certificates generated by
keytool with no
problem, but I can't set up the keystore to work with Verisign's.
To explain a little more, the private key I have was
generated by openssl
(openssl genrsa -rand rand.dat -des 1024 key.pem) and is of
the type:
-BEGIN RSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,91B2224E3C5D1BA5
If I try to import this into my keystore like
keytool -import -file /root/key.pem
I get the error 'Input not an X.509 certificate'. Importing
the certificate
reply from Verisign in the same way works no problem, but I
know from
setting up Apache that the private key is also necessary
right? And for
tomcat, it seems that it must be in the keystore (no other
configuration
options as far as I know). I think everything would work if I
could just get
that private key into a form that keytool understands, then into the
keystore... is this possible?
Thanks,
ChrisC
--
To unsubscribe:
mailto:[EMAIL PROTECTED]
For additional commands:
mailto:[EMAIL PROTECTED]
Troubles with the list:
mailto:[EMAIL PROTECTED]
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]