hi. I want to use Tomcat SSL standalone, and I have a certificate for the apache + mod_ssl generated by openssl and verified by verisign.
Can it use the existing certificate ? I'm using Tomcat 3.3 and JDK-1.3.1 and I also tried J2SDK-1.4. If it can, please tell me how can I do it or some pointers. I already read the tomcat SSL howto documents. http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html Actually I could import the certificate into my keystore but I could not make certificate chain. This is what I do. ************************************************************ key.pem <- This is key generated with openssl. csr.pem <- This is csr used when I applied to verisign. gsid.crt <- This is global server ID returned from verisign. $ openssl req -x509 -in csr.pem -key key.pem -out cert.pem I entered passphrase and cert.pem was created and .. the key was certificated by Intermediate CA certificate so I have to import it. $ keytool -import -trustcacerts -alias intermediateca -file intermediate.pem and I import the certificate. $ keytool -import -trustcacerts -alias tomcat -file cert.pem $ keytool -list -v -keystore ./keystore Enter keystore password: XXXXXXXX Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: intermediateca Creation date: Jun 12, 2002 Entry type: trustedCertEntry Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Serial number: 236c971e2bc60d0bf97460def108c3c3 Valid from: Thu Apr 17 09:00:00 JST 1997 until: Thu Jan 08 08:59:59 JST 2004 Certificate fingerprints: MD5: 18:87:5C:CB:F8:20:5D:24:4A:BF:19:C7:13:0E:FD:B4 SHA1: 8B:24:CD:8D:8B:58:C6:DA:72:AC:E0:97:C7:B1:E3:CE:A4:DC:3D:C6 ******************************************* ******************************************* Alias name: tomcat Creation date: Jun 12, 2002 Entry type: trustedCertEntry Owner: CN=www.example.com, O="Current, Inc.", OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign Japan K.K., OU=Terms of use a t www.verisign.co.jp/RPA (c)00, L=CHIYODA-KU, ST=TOKYO, C=JP Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Valid from: Tue Apr 23 09:00:00 JST 2002 until: Thu May 08 08:59:59 JST 2003 Certificate fingerprints: MD5: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SHA1: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx ******************************************* ******************************************* thank you in advance for your help. KeigoTANAKA <[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>