I have an Apache+mod_ssl+Tomcat configuration that's been working fine for several years. I have an SSL certificate from Verisign, and my httpd.conf file contains:
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
The private key is unencrypted so that the server can restart automatically.
Now I'd like to use the same certificate and private key in a Tomcat-only configuration, but I can't quite figure out how to get these two pieces of information into keytool for tomcat to use!
It's easy enough to import the certificate:
keytool -import -alias tomcat -file /path/to/server.crt
but I know that the private key needs to be in the keystore too, and I haven't been able to figure out how to get it in there!
Simply trying to import it:
keytool -import -alias tomcat -file /path/to/server.key
gives me the message:
keytool error: java.lang.Exception: Input not an X.509 certificate
which doesn't really surprise me because the private key is not an X.509 certificate! But how can I tell keytool about my private key?
Can I do this? If so, how? Can I do it with just keytool? Do I need to use openssl to tweak something?
I saw some comments in the httpd.conf file (comments added by mod_ssl) that suggest the certificate and the private key can be "combined" somehow. Is this what I need to do? If so, how do I do this?
Or do I have to toss my old keys and generate a new CSR with keytool? The Tomcat tutorial on how to do that seems reasonably straightforward. But I would much prefer to use my existing key and certificate!
I actually tried this for the first time two years ago. After trying everything I could think of, and posting to tomcat-user and getting no replies, I gave up and left things the way they were. Now, two years later, I *still* can't figure out, or find a recipe, to explain how to migrate from an Apache/mod_ssl/Tomcat configuration to a plain Tomcat configuration!
Thanks for any help.
Scott
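
One way to do the "combining" the message asks about, as an added example that is not part of the original post: bundle the existing certificate and unencrypted private key into a PKCS#12 file with openssl, after checking that the two actually belong together. The function names, the output path and the password file are assumptions; the alias tomcat is the one used in the post.

```shell
#!/bin/sh
# Added example: function names, paths and the password file are assumptions.

# Succeeds only if the certificate's public key is the one derived from the
# private key. Compares the two SubjectPublicKeyInfo PEM blocks directly.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundles certificate + key into a PKCS#12 file under the alias "tomcat".
# The store password is read from the first line of the file named in $4,
# so it never shows up in the process list or shell history.
make_pkcs12() {
    cert=$1 key=$2 out=$3 passfile=$4
    key_matches_cert "$cert" "$key" || {
        echo "private key does not match certificate, nothing written" >&2
        return 1
    }
    # umask in a subshell: the bundle holds the private key, so create it
    # readable by the owner only, without changing the caller's umask.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -name tomcat \
          -out "$out" -passout "file:$passfile" )
}

# Returns 0 if the bundle opens with the password and really contains a
# private key. The key is decrypted to a pipe only, never to disk.
pkcs12_has_key() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Stand-alone use: sh make_p12.sh server.crt server.key tomcat.p12 passfile
if [ "$#" -eq 4 ]; then
    make_pkcs12 "$1" "$2" "$3" "$4" && pkcs12_has_key "$3" "$4"
fi
```

Tomcat's JSSE connector can read the resulting file directly when the connector is configured with keystoreType="PKCS12". With Java 6 or later, `keytool -importkeystore -srckeystore tomcat.p12 -srcstoretype PKCS12 -destkeystore tomcat.jks` converts it into a JKS keystore instead.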
