Thanks for the info. I got the key exported from IIS in the PKCS12 format and used OpenSSL to generate a .pem file containing the private key and site certificate from that (for testing purposes I'm using an internal CA so the CA certificate was in there as well). The issue that I'm running into now is that the SDK keytool will not import a private key. Sigh. I was hoping to avoid using something other than keytool since I have a hard enough time convincing my production IT staff to get rid of IIS so minimizing the number of conversion apps is a good thing.
I'll try playing with the keystore type to use the PKCS file directly. If that fails then I'll have to try the other stuff. Thanks for the advice.

rjsjr

> > That's great advice but it doesn't answer my
> > basic question of whether or not I can import
> > a certificate that was issued based on a
> > request generated by IIS.
>
> Since I don't use IIS, I don't know the answer.
> However, if you can export the cert in pkcs12
> format (which Windows usually does with the
> "export private key" option), then you should
> be able to use the resulting (either ".p12" or
> ".pfx") file as your keystore. You need to
> set 'keystoreType="pkcs12"' on the Factory
> element. Sun's support for pkcs12 is a bit
> limited, so make certain that you only export
> your server's cert, and *not* the signers as
> well.
>
> Since you are using a Verisign cert, this
> should be enough (since the signer is already
> in cacerts).
>
> Alternatively, once you have your ".p12" file,
> you can use OpenSSL or otherwise to split it
> out into a private-key and certificate file.
> You can then use the program at
> http://www.comu.de/docs/tomcat_ssl.htm to
> import them.
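Added example, not part of the original message or the quoted reply: one way to re-pack a PKCS#12 export with OpenSSL so that it carries only the private key and the server certificate, without the signer certificates, as the quoted advice recommends. The password, file names, function names and the throwaway CA and server certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. PASS, file names and function names are assumptions.
PASS='changeit'   # constructed sample password; prefer -passin file: or env: in practice

# Build a constructed stand-in for an IIS export: key + server cert + internal CA cert.
make_sample_pfx() {   # $1 = work directory
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Test Internal CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=www.example.test' \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/srv.key" -in "$d/srv.crt" -certfile "$d/ca.crt" \
        -name tomcat -passout "pass:$PASS" -out "$d/iis-export.pfx"
}

# Print how many certificates a PKCS#12 file carries.
count_certs() {       # $1 = PKCS#12 file
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Re-pack a PKCS#12 so it holds only the private key and the server certificate.
strip_chain() {       # $1 = input .pfx, $2 = output .p12
    tmp=$(mktemp -d) || return 1      # private (0700) scratch dir for the bare key
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$PASS" \
          -out "$tmp/key.pem" 2>/dev/null &&
      # -clcerts drops CA certificates, leaving the cert tied to the private key
      openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$PASS" \
          -out "$tmp/cert.pem" 2>/dev/null &&
      openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
          -name tomcat -passout "pass:$PASS" -out "$2" )
    rc=$?
    rm -rf "$tmp"                     # remove the unencrypted key before returning
    return $rc
}

# Demo on the constructed sample: prints "before: 2  after: 1".
work=$(mktemp -d) && make_sample_pfx "$work" &&
    strip_chain "$work/iis-export.pfx" "$work/tomcat.p12" &&
    echo "before: $(count_certs "$work/iis-export.pfx")  after: $(count_certs "$work/tomcat.p12")"
rm -rf "$work"
```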
