Personally, I think that the easiest way to move an Apache cert to a Tomcat cert is to export it to a pkcs12 file and use that as the keystore (of course, setting keystoreType="pkcs12" on the Factory element).
Using OpenSSL, something like:

$ openssl pkcs12 -export -chain -inkey server.key -in server.crt -CAfile ca.crt \
    -name tomcat -caname root -out server.p12

"Twan Munster" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Hello,

I've always used Apache HTTP Server for client authentication with SSL. I've installed Tomcat now for my JSPs. But I'm not able to get the SSL client authentication working. The problem is getting my existing certificates working in Tomcat. In Apache HTTP Server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get Tomcat working with keytool. But there's something I do wrong. I always get "handshake error". Can somebody please tell me how to use keytool?

I've got the following certificates:

1 server.crt = server certificate
2 ca.crt = chain certificate
3 ca-bundle.crt = lots of certificates for client authentication
4 server.key = I really don't know how to get this one in keytool

Thnx

Twan Munster
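
As an added example (not part of the original thread), the script below wraps the export command from the reply with two checks before it (the private key matches the certificate, the certificate verifies against ca.crt) and one after it (how many certificates ended up in the keystore). The function names, the password `changeit` and the throwaway test CA are constructed for the demo; the file names follow the thread.

```shell
#!/bin/sh
# Added example: PEM -> PKCS#12 for Tomcat, with checks before and after export.
# File names follow the thread; password and the throwaway PKI are constructed.

# Constructed CA + server certificate so the script runs offline.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
        -subj "/CN=localhost" 2>/dev/null &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out server.crt -days 1 2>/dev/null
}

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {   # key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# True only if CERT chains to the CA file that will be bundled.
chain_ok() {           # chain_ok CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Same command as in the reply, plus a non-interactive export password.
make_p12() {           # make_p12 KEY CERT CAFILE OUT PASSWORD
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    chain_ok "$3" "$2"         || { echo "chain does not verify" >&2; return 1; }
    openssl pkcs12 -export -chain -inkey "$1" -in "$2" -CAfile "$3" \
        -name tomcat -caname root -out "$4" -passout "pass:$5"
}

# Number of certificates stored in the keystore (leaf + chain).
p12_cert_count() {     # p12_cert_count P12 PASSWORD
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

demo() {
    cd "$(mktemp -d)" || return 1
    make_test_pki && make_p12 server.key server.crt ca.crt server.p12 changeit &&
        echo "certs in server.p12: $(p12_cert_count server.p12 changeit)"
}

( demo )
```

With real files, call `make_p12 server.key server.crt ca.crt server.p12 <password>` and use the same password for the keystore in Tomcat.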