"Robert Hall" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I've been floundering for too many hours/days having ventured into the > java/keytool/keystore/CAcert realm for the first time to produce a > CA signed certificate for JBoss/Tomcat. > > We have a Verisign/RSA cert, hostname.crt that produces the following when > imported using 'keytool': > > $ keytool -import -trustcacerts -file hostname.crt -keystore > hostname.keystore > Enter keystore password: secret > Owner: CN=hostname.berkeley.edu, OU=MY-ORG-UNIT, O="University of > California, Berkeley", L=Berkeley, ST=California, C=US > Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, > Inc.", C=US > Serial number: 63ba7416f9d061ad65db8b61554bd8c3 > Valid from: Wed Aug 13 17:00:00 PDT 2003 until: Fri Aug 13 16:59:59 PDT 2004 > Certificate fingerprints: > MD5: 05:A7:B1:17:6B:C2:0B:FA:9A:B9:80:22:6A:B0:96:6B > SHA1: B9:34:D0:58:C4:9C:01:CD:C1:05:D9:FD:C1:D1:45:43:E3:6C:17:1A > Trust this certificate? [no]: yes > Certificate was added to keystore > > And if you're still reading, some questions: > > 1. Should the "Trust this certificate?" prompt appear if a corresponding > CA cert entry > exists in $JAVA_HOME/jre/lib/security/cacerts ?
VS uses an intermediate cert to sign yours. You probably need to import that one (but I don't feel like looking to see if it is already there :). > > 2. Is it necessary to go through the CSR (Certificate Signing Request) > process when > you already have a server cert file? No. > > 3. What else is needed in addition to an existing server cert file if > you don't have to go > through the CSR process? If you used keytool to generate the original CSR, then you have to import your cert into the same keystore that you used to generate the CSR. Otherwise you need to import your private key as well. This comes up every couple of weeks like clockwork, so you'll find plenty of pointers in the archives :). > > Thanks, > Robert --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
