-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Adriano,
On 6/11/15 3:54 PM, Adriano Matos Meier wrote: > Exactly! > > When I run "keytool -list ...", the PrivateKeyEntry now has the > fingerprint for SSL certificate. > > I belived that I had lost private key, and I would have to do it > all again (keystore/CSR/intermed/SSL). > > I still import the SSL certificate with alias tomcat, and it > appears in keytool as a trustedCertEntry, with same fingerprint of > the PrivateKeyEntry. > > Very crazy, but it works! Yes. You can, if you want to, remove the "extra" certificate: $ keytool -delete -alias server [...] - -chris > Em Qui, 2015-06-11 às 15:37 -0400, Christopher Schultz escreveu: >> Adriano, >> >> On 6/11/15 2:31 PM, Adriano Matos Meier wrote: >>> I had success when I re-import SSL certificate using same name >>> alias of PrivateKeyEntry and name alias used when I generate >>> CSR (repository). >> >> That was going to be my second suggestion. >> >> This is one more reason why I hate working with Java keystores: >> you have to import the signed certificate /on top of/ a >> previously-generated certificate? >> >> I don't understand why keytool always wants to create a >> self-signed certificate when you request a CSR. I just want a >> CSR, independent of the key and keystore. :( >> >> -chris >> >>> Em Qui, 2015-06-11 às 09:59 -0400, Christopher Schultz >>> escreveu: >>>> Adriano, >>>> >>>> On 6/11/15 9:45 AM, Adriano Matos Meier wrote: >>>>>>> I tried to add keyAlias="server" in my server.xml, but >>>>>>> I received this error: >>>>>> >>>>>> What does "keytool -list" show for that keystore? >>>>> >>>>> It returns 3 entries: >>>>> >>>>> 1 PrivateKeyEntry (Private Key) - alias repository 1 >>>>> trustedCertEntry (Intermediate certificate) - alias >>>>> intermed 1 trustedCertEntry (SSL certificate) - alias >>>>> server >>>> >>>> The "keyAlias" attribute is for a key, not a cert. >>>> >>>> You want: >>>> >>>> <Connector ... keyAlias="repository" ... /> >>>> >>>> I could have sworn that you could also specify the "alias" >>>> of the certificate, but it looks like maybe not. You may have >>>> to remove the certificate called "server" and instead >>>> re-import the certificate using the alias "tomcat". >>>> >>>> Try just using keyAlias="repository" first. >>>> >>>> -chris >>>> >>>>> Em Qui, 2015-06-11 às 09:35 -0400, Christopher Schultz >>>>> escreveu: >>>>>>> >>>>>>> LifecycleException: service.getName(): "Catalina"; >>>>>>> Protocol handler start failed: java.io.IOException: >>>>>>> Alias name server does not identify a key entry >>>>>>> >>>>>>> The alias of SSL certificate needs to be same of CSR? >>>>>>> >>>>>>> What I did wrong? >>>>>>> >>>>>>> Can anybody help me? >>>>>>> >>>>>>> I appreciate any help! >>>>>> >>>>>> >>>>>> -chris >>>>> >>>>> ------------------------------------------------------------------ - -- >> >>>>> - - >>>>> >>>>> >>>> >>>>> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: >>>>> users-h...@tomcat.apache.org >>>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> >> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: >>>> users-h...@tomcat.apache.org >>>> >>> >>> -------------------------------------------------------------------- - - >>> >>> >> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVetb0AAoJEBzwKT+lPKRYY34P/iM+FGsAA9tSbwDNSGdI7Bxy MZzMIfBKQ82/+oWok0yCjIzLqJgkkCYiH8R462pJR471D2cPzAgGA0ZfrDHsxPaq tppmpIql27VtT/tDWcYj9Y3TEdrzDT5aZeY07Iijfd5z+PcqJjIkA333oGF0mtD8 BAPme56UmfwfbyCdPspVodcjISY7JncqQx8uRLHAhGMKrusJ9j5wlzmlYB8eSwXp mpRFEGk6fufTwbjmiRBv3zKe3RvKzQYdRhG5XOwM5Jn7MN+47Yat8B3MEgWQX0wW QtrBgMfI1L0J1vz7FA7KsgZNQaxY7EAtPdLsJxsp/TWmNk+wQVu4dkKOymCHONnl QGYwqGlPZTvBCgteMU1x2/+inYD3UqgMxGwbO1pSdl7rUCtg+rwPakb4J7SfHYNs Q6b2aTPiwyPN+GwrrUkxUi24LXIOpiRQyG/++6FEMTrCujzsA24xFoGghw6Cd6Gg +y1kPuovEAflVDTib43zo7siTBzIOyVyLA5jSnD50TrJ6uwSYQtU8f1735U2+tt0 YlYSg4ye+JyHpCzaDeWztr40YjYBNBMgfxCmylNsvLpY43OlKj3xTd2VecjkonLC AFql0iFH78TMnuKfl2yMS4bTm43HcLe0B0IgGWskGGZUp5i5POUcFwqpUTu3r9Xf RwuxjK0lJFdU7X5PglnC =QREu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org