Re: Conflict openssl versus keytool
El sáb, 24-01-2004 a las 07:49, Bill Barker escribió: I sound like a broken record here :) There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your OpenSSL certs into a JKS keystore. Alternatively, the ssl_howtow for TC 5.x contains an example of how to configure a PKCS12 keystore from an OpenSSL keystore. Thanks, a lot of thanks, work fine :-) Very much thanks. Ignacio Ignacio Barrancos Martinez [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I am running two web servers on the same Linux machine. 1) is running Apache 1.3.19 and, 2) Jakarta-Tomcat-4.0.5. I have been able to successfully import and configure a Digital Certificate from Verisign into the Apache web server. When I attempt to import the Digital Certificate into the keystore for Tomcat I receive the following error message: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Here are the steps that I have been following: To generate the original csar: # openssl req -new -nodes -keyout private.key -out public.csr # openssl rsa -in private.key -des3 -out secureprivate.key To import the file into Tomcat I did the following: # keytool -genkey -alias tomcat -keyalg RSA (This created the keystore in the home directory) # keytool -import -alias root -keystore .keystore \-trustcacerts -file /etc/httpd/ssl.crt/intermediate.crt (The chain certificate from Verisign) # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file /etc/httpd/ssl.crt/server.crt Enter keystore password: changeit QUESTIONS: == 1) Is there a way to import this CAcertificate into a keystore that was generated using keytool, when the original CSR was generated using OpenSSL? 2) Can i import RSA key generated with openSSL, into a new keystore made with keytool? I want to import the server.crt (signed from Verisign) to my keystore using keytool. - I have read http://marc.theaimsgroup.com/?l=tomcat-userm=106293430225790w=2 and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) going to jakarta's app url, the browser Can't find the site, and in the bottom of the page shows little message: Can't find the name server in DNS (without error number), but the same URL using Mozilla shows validate Certificate window. Thanks in advance, Ignacio Barrancos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Conflict openssl versus keytool
Hi all, I am running two web servers on the same Linux machine. 1) is running Apache 1.3.19 and, 2) Jakarta-Tomcat-4.0.5. I have been able to successfully import and configure a Digital Certificate from Verisign into the Apache web server. When I attempt to import the Digital Certificate into the keystore for Tomcat I receive the following error message: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Here are the steps that I have been following: To generate the original csar: # openssl req -new -nodes -keyout private.key -out public.csr # openssl rsa -in private.key -des3 -out secureprivate.key To import the file into Tomcat I did the following: # keytool -genkey -alias tomcat -keyalg RSA (This created the keystore in the home directory) # keytool -import -alias root -keystore .keystore \-trustcacerts -file /etc/httpd/ssl.crt/intermediate.crt (The chain certificate from Verisign) # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file /etc/httpd/ssl.crt/server.crt Enter keystore password: changeit QUESTIONS: == 1) Is there a way to import this CAcertificate into a keystore that was generated using keytool, when the original CSR was generated using OpenSSL? 2) Can i import RSA key generated with openSSL, into a new keystore made with keytool? I want to import the server.crt (signed from Verisign) to my keystore using keytool. - I have read http://marc.theaimsgroup.com/?l=tomcat-userm=106293430225790w=2 and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) going to jakarta's app url, the browser Can't find the site, and in the bottom of the page shows little message: Can't find the name server in DNS (without error number), but the same URL using Mozilla shows validate Certificate window. Thanks in advance, Ignacio Barrancos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conflict openssl versus keytool
Why do you need to import the key into Tomcat? You are using Apache for a front-end w/connector I assume, which means Apache would do the SSL stuff. Oscar On Fri, 23 Jan 2004, Ignacio Barrancos Martinez wrote: Hi all, I am running two web servers on the same Linux machine. 1) is running Apache 1.3.19 and, 2) Jakarta-Tomcat-4.0.5. I have been able to successfully import and configure a Digital Certificate from Verisign into the Apache web server. When I attempt to import the Digital Certificate into the keystore for Tomcat I receive the following error message: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Here are the steps that I have been following: To generate the original csar: # openssl req -new -nodes -keyout private.key -out public.csr # openssl rsa -in private.key -des3 -out secureprivate.key To import the file into Tomcat I did the following: # keytool -genkey -alias tomcat -keyalg RSA (This created the keystore in the home directory) # keytool -import -alias root -keystore .keystore \-trustcacerts -file /etc/httpd/ssl.crt/intermediate.crt (The chain certificate from Verisign) # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file /etc/httpd/ssl.crt/server.crt Enter keystore password: changeit QUESTIONS: == 1) Is there a way to import this CAcertificate into a keystore that was generated using keytool, when the original CSR was generated using OpenSSL? 2) Can i import RSA key generated with openSSL, into a new keystore made with keytool? I want to import the server.crt (signed from Verisign) to my keystore using keytool. - I have read http://marc.theaimsgroup.com/?l=tomcat-userm=106293430225790w=2 and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) going to jakarta's app url, the browser Can't find the site, and in the bottom of the page shows little message: Can't find the name server in DNS (without error number), but the same URL using Mozilla shows validate Certificate window. Thanks in advance, Ignacio Barrancos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conflict openssl versus keytool
I sound like a broken record here :) There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your OpenSSL certs into a JKS keystore. Alternatively, the ssl_howtow for TC 5.x contains an example of how to configure a PKCS12 keystore from an OpenSSL keystore. Ignacio Barrancos Martinez [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I am running two web servers on the same Linux machine. 1) is running Apache 1.3.19 and, 2) Jakarta-Tomcat-4.0.5. I have been able to successfully import and configure a Digital Certificate from Verisign into the Apache web server. When I attempt to import the Digital Certificate into the keystore for Tomcat I receive the following error message: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Here are the steps that I have been following: To generate the original csar: # openssl req -new -nodes -keyout private.key -out public.csr # openssl rsa -in private.key -des3 -out secureprivate.key To import the file into Tomcat I did the following: # keytool -genkey -alias tomcat -keyalg RSA (This created the keystore in the home directory) # keytool -import -alias root -keystore .keystore \-trustcacerts -file /etc/httpd/ssl.crt/intermediate.crt (The chain certificate from Verisign) # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file /etc/httpd/ssl.crt/server.crt Enter keystore password: changeit QUESTIONS: == 1) Is there a way to import this CAcertificate into a keystore that was generated using keytool, when the original CSR was generated using OpenSSL? 2) Can i import RSA key generated with openSSL, into a new keystore made with keytool? I want to import the server.crt (signed from Verisign) to my keystore using keytool. - I have read http://marc.theaimsgroup.com/?l=tomcat-userm=106293430225790w=2 and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) going to jakarta's app url, the browser Can't find the site, and in the bottom of the page shows little message: Can't find the name server in DNS (without error number), but the same URL using Mozilla shows validate Certificate window. Thanks in advance, Ignacio Barrancos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
