"Dave Wood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks Bill. I think this highlights something I'm really not > understanding... > > Didn't I generate an important "private key" somewhere along the line that I > can't just regenerate if I blow away my keystore? I assumed the certificate > I got back from verisign would only work if I still had the original private > key I generated before sending them my request. Is that wrong? >
Of course you need your original private key. A lapse on my part, since I
always use openssl to generate the CSR for VS :(. If you used keytool to
generate the PK, then you'll have to extract it first.

> (I'll take a look at the link you sent...at first glance, it looks a little
> hard to follow, but hopefully not).
>
> Thanks again.
>
> Dave
>
> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Barker
> Sent: Thursday, September 04, 2003 11:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: SSL/Verisign Confusion
>
>
> Firstly, it looks like you should wipe your keystore and start again. To use
> a VS cert with Tomcat, the two options I know are:
> 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm.
> 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and
> use that as your keystore (remember to set 'keystoreType="pkcs12"' on the
> Factory in server.xml).
>
>
> "Dave Wood" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > I'm having a problem getting an SSL certificate from Verisign working
> > correctly. I'm going to include everything I can think of that MIGHT be a
> > problem. Unfortunately, there are a couple things I can't quite remember
> > for certain. Here's the situation:
> >
> > 1. I generated the initial key using an alias other than "tomcat" (we'll
> > call it "company")
> > 2. I generated the CSR and sent it to verisign. I still have this file.
> > 3. Verisign changed the company name during the verification process (from
> > an acronym to the full spelling of the name)
> > 4. I now have the certificate that they sent back after the validation
> > process.
> > 5. One thing I can't account for is why when I see this:
> >
> > $ keytool -list
> >
> > Keystore type: jks
> > Keystore provider: SUN
> >
> > Your keystore contains 4 entries: (...others removed...)
> >
> > company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
> > Certificate fingerprint (MD5):
> > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really
> > 0's)
> >
> > ...I think I must have self-signed or something (I was doing a couple of
> > these things and don't recall exactly), but I'm surprised to see
> > "trustedCertEntry" here.
> >
> > The problem I'm having is this:
> >
> > $ keytool -import -trustcacerts -alias company -file public.crt
> > Enter keystore password: xxx
> > keytool error: java.lang.Exception: Certificate not imported, alias
> > <company> already exists
> >
> > (but I'm thinking it should be REPLACING this entry, so the fact that it
> > exists shouldn't be a problem???)
> >
> > So, I have several questions:
> >
> > 1. Am I hosed completely because I didn't use "tomcat" as the alias?
> > 2. How does the private key get stored exactly? I assume that if I delete
> > the current entry for the "company" alias, I'll be losing the private key,
> > right?
> > 3. Can someone provide steps I should take to get this working given what I
> > have said above.
> >
> > Thanks so much in advance. Sorry to be so long-winded.
> >
> > -Dave
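
The two points in the reply above (a CA-issued certificate is only usable with the original private key, and option 2's cert+key to pkcs12 conversion) can be checked with openssl as follows. This is an added example, not part of the thread or any poster's code; the file names, the password "changeit" and the throwaway self-signed certificate standing in for the CA-issued one are constructed assumptions.

```shell
#!/bin/sh
# Added example. File names, the password and the self-signed certificate
# (a stand-in for the CA-issued one) are constructed for illustration.

# PEM public key derived from an unencrypted private key file.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
# PEM public key embedded in a certificate.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if the certificate was issued for this private key.
cert_matches_key() {
    k=$(key_pub "$1") && c=$(cert_pub "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_pkcs12 KEY CERT OUT ALIAS PASSWORD: bundle key and cert, refusing a
# mismatch. "pass:" exposes the password in the process list; prefer
# "file:" or "env:" outside a demo.
make_pkcs12() {
    cert_matches_key "$1" "$2" || { echo "cert does not match key: $1" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" -passout "pass:$5"
}

# Number of private keys plus certificates readable from a PKCS#12 file.
p12_entry_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null |
        grep -c -e 'BEGIN.*PRIVATE KEY' -e 'BEGIN CERTIFICATE'
}

# Constructed inputs: the "original" key with its certificate, plus a
# regenerated key of the kind left after wiping the keystore and starting over.
new_demo_files() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.com" \
        -keyout "$dir/original.key" -out "$dir/public.crt" 2>/dev/null || return 1
    openssl genrsa -out "$dir/regenerated.key" 2048 2>/dev/null || return 1
    echo "$dir"
}

d=$(new_demo_files) || exit 1
if make_pkcs12 "$d/original.key" "$d/public.crt" "$d/keystore.p12" company changeit; then
    echo "keystore.p12 entries: $(p12_entry_count "$d/keystore.p12" changeit)"
fi
make_pkcs12 "$d/regenerated.key" "$d/public.crt" "$d/bad.p12" company changeit ||
    echo "regenerated key rejected, as expected"
```

The resulting keystore.p12 is the kind of file option 2 refers to, used with keystoreType="pkcs12" as the reply notes.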