What security provider are you using...

I've installed JSSE from SUN and this works... I've just been unable to load a private key from openSSL to the JKS keystore... however the certificates can be imported easily....

> -----Original Message-----
> From: Steve Smale [mailto:[EMAIL PROTECTED]]
> Date: Wednesday, 31 January 2001 13:27
> To: [EMAIL PROTECTED]
> Subject: Tomcat and OpenSSL/Keytool
>
> Hi all,
>
> I'm a bit confused here with tomcat and SSL.
>
> I've generated a key using keytool -genkey -alias tomcat -keyalg RSA as
> described in the tomcat faq. This works fine, although the certificate
> appears as "signed by an unknown source", and we really need it to just
> plop straight into https without any warnings appearing on the users'
> screens...
>
> So I've looked at OpenSSL, and generated a key and signing-request, and
> got a certificate via verisign, using openssl req -new -out REQ.csr
> -keyout KEY.key, again, as in the tomcat faqs.
>
> Whether I put this resulting key through verisign's "free trial" signing
> process, or self-sign it with openssl req -x509 -in REQ.csr -key KEY.key
> -out CERT.pem, I then install it into the keytool using
> keytool -import -v trustcacerts -alias tomcat -file CERT.pem.
>
> If I then visit the site with netscape, I get the error: Netscape and this
> server cannot communicate securely because they have no common encryption
> algorithm(s). While internet explorer comes up with no sensible error, but
> doesn't work with https.
>
> Does anyone have any ideas what I am doing wrong with this method - it
> seems somehow the key generated with openssl is not of the right format
> for netscape/ie to understand, yet the one made with keytool -genkey works
> fine; - but both are exactly to the letter from the tomcat faq's...
>
> If I cannot get openssl to operate with it correctly, is there a way to
> export the key from keytool? - I've only really found it possible to
> export the certificate, but not the private key, if it is generated that
> way...
>
> Before I go completely insane, has anyone else had any experience of these
> problems?
>
> Thanks!!!
>
> --
>
> Regards
>
> Steve Smale
> Java Developer
> Hugh Symons Information Management
> Telephone: 0870 849 0220
> Facsimile: 0870 849 0221
>
> www.hughsymons.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
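
An added example, not part of the original messages: a certificate imported on its own is stored as a trustedCertEntry with no private key behind it, while a server keystore needs a PrivateKeyEntry, and `keytool -list` shows which one an alias holds. The script assumes a current OpenSSL and a JDK whose keytool supports `-importkeystore` (newer than the tools discussed in this thread); the file names, alias and password are constructed placeholders. Source the file and call `demo` to see both entry types.

```shell
#!/bin/sh
# Added example. File names, alias "tomcat" and password are constructed
# placeholders; -importkeystore assumes a keytool newer than this thread.
PASS=changeit

make_key_and_cert() {    # $1 = work dir: key, CSR, self-signed cert
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/KEY.key" -out "$1/REQ.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/REQ.csr" -signkey "$1/KEY.key" -days 30 \
        -out "$1/CERT.pem" 2>/dev/null
}

import_cert_only() {     # the import step from the thread: certificate, no key
    keytool -import -trustcacerts -noprompt -alias tomcat \
        -file "$1/CERT.pem" -keystore "$1/certonly.jks" \
        -storetype JKS -storepass "$PASS" >/dev/null 2>&1
}

import_key_and_cert() {  # bundle key + cert as PKCS#12, then convert to JKS
    openssl pkcs12 -export -in "$1/CERT.pem" -inkey "$1/KEY.key" \
        -name tomcat -out "$1/bundle.p12" -passout "pass:$PASS" &&
    keytool -importkeystore -noprompt \
        -srckeystore "$1/bundle.p12" -srcstoretype PKCS12 \
        -srcstorepass "$PASS" -destkeystore "$1/full.jks" \
        -deststoretype JKS -deststorepass "$PASS" >/dev/null 2>&1
}

entry_type() {           # $1 = keystore; prints the type of alias "tomcat"
    keytool -list -keystore "$1" -storepass "$PASS" -alias tomcat 2>/dev/null |
        grep -o -E 'trustedCertEntry|PrivateKeyEntry'
}

demo() {                 # run both imports in a temp dir and report the types
    d=$(mktemp -d) || return 1
    make_key_and_cert "$d" && import_cert_only "$d" &&
        import_key_and_cert "$d" || return 1
    echo "certificate only: $(entry_type "$d/certonly.jks")"
    echo "key + cert chain: $(entry_type "$d/full.jks")"
    rm -rf "$d"
}
```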