Just bumped into this problem myself. Didn't know that the ImportKey code exists so had to write my own :-(. I think that your problem is (based on the problem I had) that when you use ImportKey on the certificate you received from Verisign, you don't have a certificate chain to the intermediate CA. The simplest solution that worked for me was to edit the certificate from verisign and paste the intermediate certificate after your certificate thus creating the certificate chain. -----BEGIN CERTIFICATE----- Your certificate here -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Verisign intermediate certificate here -----END CERTIFICATE-----
I think that the only reason it worked so far was that the intermediate certificate exists in IE predefined certificates (cached there under Tools->Internet Options->Content->Certificates->Intermediate Certificate Authorities). Hope that helps, Slavik. -----Original Message----- From: Jorrit Kronjee [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 12:08 PM To: [EMAIL PROTECTED] Subject: problems with adding Verisign root certificate to keystore Dear list, I've been browsing to the archives a bit, but I couldn't find what i am looking for, so I'll ask here. Since the expiration of one of the Verisign certificates, the SSL certificate on our Tomcat server is no longer valid. Back then I imported the key and certificate with ImportKey from http://www.computer-mutter.de/docs/tomcat_ssl/comu/ImportKey.java That still works, but somehow I can't add the new Verisign certificate too. I've tried adding it with alias "root" through keytool, but it doesn't seem to work. I also added the new certificates from Verisign to cacerts as http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0&doc=fsalert/57436 suggests. What am I doing wrong? Thanks in advance, Jorrit -- InfoPact Netwerkdiensten B.V. http://www.infopact.nl/ Emmastraat 11-13 3255 BD Oude Tonge tel. +31(0)187-64 77 11 fax. +31(0)187-64 77 99 --------------------------------------------------------------------------------------------------------------- This message contains information that may be confidential or privileged. If you are not the intended recipient, you may not use, copy or disclose to anyone any of the information in this message. If you have received this message and are not the intended recipient, kindly notify the sender and delete this message from your computer. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
