RE: Tomcat4 standalone keystore - existing private key problem

2002-02-27 Thread Wolfgang Stein

 Looks like we will be going through apache then.
 

Or use a utility written in Java, available with source from
http://www.comu.de.

It doesn't really import but generates a new keystore containing
the cert with priv key. Since you only need one entry for an
SSL server cert (alias tomcat), it is sufficient.

I used it with success.

Regards,
Wolfgang
 

 -----Original Message-----
 From: Chris Campbell [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 27, 2002 07:53
 To: 'Tomcat Users List'
 Subject: RE: Tomcat4 standalone keystore - existing private key problem
 
 
 
 To answer my own question and perhaps help someone searching archives on
 similar problems, the page at
 http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificates/ tells me
 "Though sufficient for some tasks, a major deficiency of the keytool utility
 is its inability to import a private key." Great. Looks like we will be
 going through apache then.
 
 ChrisC
 
 
  -----Original Message-----
  From: Chris Campbell 
  Sent: Monday, February 25, 2002 12:38 PM
  To: '[EMAIL PROTECTED]'
  Subject: Tomcat4 standalone keystore - existing private key problem
  
  
  
  Hi
  
  I am trying to set up Tomcat 4.0.1 standalone to serve SSL pages certified by
  Verisign. I can use (self-signed) certificates generated by keytool with no
  problem, but I can't set up the keystore to work with Verisign's.
  To explain a little more, the private key I have was generated by openssl
  (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of the type:
  
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: DES-CBC,91B2224E3C5D1BA5
  
  If I try to import this into my keystore like
  
  keytool -import -file /root/key.pem
  
  I get the error 'Input not an X.509 certificate'. Importing the certificate
  reply from Verisign in the same way works no problem, but I know from
  setting up Apache that the private key is also necessary, right? And for
  Tomcat, it seems that it must be in the keystore (no other configuration
  options as far as I know). I think everything would work if I could just get
  that private key into a form that keytool understands, then into the
  keystore... is this possible?
  
  Thanks, 
  
  ChrisC
  
  --
  To unsubscribe:   mailto:[EMAIL PROTECTED]
  For additional commands: mailto:[EMAIL PROTECTED]
  Troubles with the list: mailto:[EMAIL PROTECTED]
  
 






RE: Tomcat4 standalone keystore - existing private key problem

2002-02-26 Thread Chris Campbell

To answer my own question and perhaps help someone searching archives on
similar problems, the page at
http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificates/ tells me
"Though sufficient for some tasks, a major deficiency of the keytool utility
is its inability to import a private key." Great. Looks like we will be
going through apache then.

ChrisC


 -----Original Message-----
 From: Chris Campbell 
 Sent: Monday, February 25, 2002 12:38 PM
 To: '[EMAIL PROTECTED]'
 Subject: Tomcat4 standalone keystore - existing private key problem
 
 
 
 Hi
 
 I am trying to set up Tomcat 4.0.1 standalone to serve SSL pages certified by
 Verisign. I can use (self-signed) certificates generated by keytool with no
 problem, but I can't set up the keystore to work with Verisign's.
 To explain a little more, the private key I have was generated by openssl
 (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of the type:
 
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-CBC,91B2224E3C5D1BA5
 
 If I try to import this into my keystore like
 
 keytool -import -file /root/key.pem
 
 I get the error 'Input not an X.509 certificate'. Importing the certificate
 reply from Verisign in the same way works no problem, but I know from
 setting up Apache that the private key is also necessary, right? And for
 Tomcat, it seems that it must be in the keystore (no other configuration
 options as far as I know). I think everything would work if I could just get
 that private key into a form that keytool understands, then into the
 keystore... is this possible?
 
 Thanks, 
 
 ChrisC
 
 

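Added example, not part of either poster's message: a small PEM triage script showing why the file in the question draws 'Input not an X.509 certificate'. It reads the block label and the Proc-Type/DEK-Info headers quoted above; the function names are hypothetical, the base64 bodies are constructed filler, and the certificate check is a heuristic on the PEM label, not keytool's own parser.

```python
import re

# Constructed samples: the header lines are the ones quoted in the thread;
# the base64 bodies are dummy filler, not real key or certificate material.
SAMPLE_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,91B2224E3C5D1BA5

QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_CERT = """-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
"""

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def inspect_pem(text):
    """Return one dict per PEM block: label, kind and encryption details."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # RFC 1421-style "Name: value" headers sit between the BEGIN line
        # and the blank line that precedes the base64 payload.
        headers = dict(re.findall(r"^([A-Za-z-]+): (.*?)\r?$", body, re.M))
        cipher, _, iv = headers.get("DEK-Info", "").partition(",")
        encrypted = (headers.get("Proc-Type", "").endswith("ENCRYPTED")
                     or label == "ENCRYPTED PRIVATE KEY")
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label.endswith("PRIVATE KEY"):
            kind = "private-key"
        else:
            kind = "other"
        blocks.append({"label": label, "kind": kind, "encrypted": encrypted,
                       "cipher": cipher or None, "iv": iv or None})
    return blocks


def importable_as_certificate(text):
    """Heuristic: True only if every PEM block in the text is a certificate."""
    blocks = inspect_pem(text)
    return bool(blocks) and all(b["kind"] == "certificate" for b in blocks)


if __name__ == "__main__":
    for name, pem in (("key.pem", SAMPLE_KEY), ("cert.pem", SAMPLE_CERT)):
        print(name, inspect_pem(pem), importable_as_certificate(pem))
```
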