> Looks like we will be going through apache then.

Or use a utility written in Java available with source from http://www.comu.de.
It doesn't really import but generates a new keystore containing the cert with priv key. Since you only need one entry for an SSL server cert (alias tomcat) it is sufficient. I used it with success.

Regards,
Wolfgang

> -----Original Message-----
> From: Chris Campbell [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 27, 2002 07:53
> To: 'Tomcat Users List'
> Subject: RE: Tomcat4 standalone keystore - existing private key problem
>
> To answer my own question and perhaps help someone searching archives on
> similar problems, the page at
> http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificates/ tells me
> "Though sufficient for some tasks, a major deficiency of the keytool utility
> is its inability to import a private key." Great. Looks like we will be
> going through apache then.
>
> ChrisC
>
> > -----Original Message-----
> > From: Chris Campbell
> > Sent: Monday, February 25, 2002 12:38 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: Tomcat4 standalone keystore - existing private key problem
> >
> > Hi
> >
> > I am trying to set up Tomcat 4.0.1 standalone to serve ssl pages certified by
> > Verisign. I can use (self signed) certificates generated by keytool with no
> > problem, but I can't set up the keystore to work with Verisign's.
> > To explain a little more, the private key I have was generated by openssl
> > (openssl genrsa -rand rand.dat -des 1024 > key.pem) and is of the type:
> >
> > -----BEGIN RSA PRIVATE KEY-----
> > Proc-Type: 4,ENCRYPTED
> > DEK-Info: DES-CBC,91B2224E3C5D1BA5
> >
> > If I try to import this into my keystore like
> >
> > keytool -import -file /root/key.pem
> >
> > I get the error 'Input not an X.509 certificate'. Importing the certificate
> > reply from Verisign in the same way works no problem, but I know from
> > setting up Apache that the private key is also necessary right? And for
> > tomcat, it seems that it must be in the keystore (no other configuration
> > options as far as I know). I think everything would work if I could just get
> > that private key into a form that keytool understands, then into the
> > keystore... is this possible?
> >
> > Thanks,
> >
> > ChrisC
> >
> > --
> > To unsubscribe: <mailto:[EMAIL PROTECTED]>
> > For additional commands: <mailto:[EMAIL PROTECTED]>
> > Troubles with the list: <mailto:[EMAIL PROTECTED]>
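The approach described in the reply above (generating a new keystore that holds the certificate and private key as a single entry under the alias tomcat), sketched as an added example that is not part of the thread and is not the utility from comu.de. It assumes the OpenSSL key was first converted to unencrypted PKCS#8 DER with `openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in key.pem -out key.der`, and that the certificate file lists the server certificate first; the class name and file names are hypothetical.

```java
import java.io.Console;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;

// Hypothetical helper (name and arguments are assumptions of this example).
// usage: java KeyToKeystore key.der cert.pem keystore.jks
public class KeyToKeystore {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("usage: key.der cert.pem out.jks");
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no terminal for password prompt");
        // Prompt instead of taking the password from argv, where it would show in process listings.
        char[] password = console.readPassword("Keystore password: ");
        // Private key as unencrypted PKCS#8 DER (converted from the OpenSSL PEM beforehand).
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(
                new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(args[0]))));

        // Certificate reply, PEM or DER; server certificate first, then any CA certificates.
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificate in " + args[1]);

        // Refuse to write a keystore whose certificate belongs to a different key.
        RSAPublicKey pub = (RSAPublicKey) chain[0].getPublicKey();
        if (!pub.getModulus().equals(((RSAPrivateKey) key).getModulus()))
            throw new IllegalArgumentException("certificate does not match private key");

        // New, empty JKS keystore with a single key entry under the alias "tomcat".
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setKeyEntry("tomcat", key, password, chain);
        try (OutputStream out = Files.newOutputStream(Paths.get(args[2]))) {
            ks.store(out, password);
        }
    }
}
```

The intermediate key.der holds the private key in the clear, so it should be created in a directory only the operator can read and removed once the keystore has been written.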