Okay, using the .pfx file directly and the keystoreType="PKCS12" worked with no hitches. Well, one minor hitch but that was pilot error on my part. Many thanks!
rjsjr > > That's great advice but it doesn't answer my > > basic question of whether or not I can import > > a certificate that was issued based on a > > request generated by IIS. > > Since I don't use IIS, I don't know the answer. > However, if you can export the cert in pkcs12 > format (which Windows usually does with the > "export private key" option), then you should > be able to use the resulting (either ".p12" or > ".pfx") file as your keystore. You need to > set 'keystoreType="pkcs12"' on the Factory > element. Sun's support for pkcs12 is a bit > limited, so make certain that you only export > your server's cert, and *not* the signers as > well. > > Since you are using a Verisign cert, this > should be enough (since the signer is already > in cacerts). > > Alternatively, once you have your ".p12" file, > you can use OpenSSL or otherwise to split it > out into a private-key and certificate file. > You can then use the program at > http://www.comu.de/docs/tomcat_ssl.htm to > import them. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
