Firstly, it looks like you should wipe you keystore and start again. To use a VS cert with Tomcat, the two options I know are: 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm. 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and use that as your keystore (remember to set 'keystoreType="pkcs12"' on the Factory in server.xml).
"Dave Wood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm having a problem getting an SSL certificate from Verisign working > correctly. I'm going to include everything I can think of that MIGHT be a > problem. Unfortunately, there are a couple things I can't quite remember > for certain. Here's the situation: > > 1. I generated the initial key using an alias other than "tomcat" (we'll > call it "company") > 2. I generated the CSR and sent it to verisign. I still have this file. > 3. Verisign changed the company name during the verification process (from > an acronym to the full spelling of the name) > 4. I now have the certificate that they sent back after the validation > process. > 5. One thing I can't account for is why when I see this: > > $ keytool -list > > Keystore type: jks > Keystore provider: SUN > > Your keystore contains 4 entries: (...others removed...) > > company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry, > Certificate fingerprint (MD5): > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really > 0's) > > ...I think I must have self-signed or something (I was doing a couple of > these things and don't recall exactly), but I'm surprised to see > "trustedCertEntry" here. > > The problem I'm having is this: > > $ keytool -import -trustcacerts -alias company -file public.crt > Enter keystore password: xxx > keytool error: java.lang.Exception: Certificate not imported, alias > <company> already exists > > (but I'm thinking it should be REPLACING this entry, so the fact that it > exists shouldn't be a problem???) > > So, I have several questions: > > 1. Am I hosed completely because I didn't use "tomcat" as the alias? > 2. How does the private key get stored exactly? I assume that if I delete > the current entry for the "company" alias, I'll be losing the private key, > right? > 3. Can someone provide steps I should take to get this working given what I > have said above. > > Thanks so much in advance. Sorry to be so long-winded. > > -Dave > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
