El sáb, 24-01-2004 a las 07:49, Bill Barker escribió: > I sound like a broken record here :) > There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your > OpenSSL certs into a JKS keystore. Alternatively, the ssl_howtow for TC 5.x > contains an example of how to configure a PKCS12 keystore from an OpenSSL > keystore. >
Thanks, a lot of thanks, work fine :-) Very much thanks. Ignacio > "Ignacio Barrancos Martinez" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi all, > > > > I am running two web servers on the same Linux machine. > > 1) is running Apache 1.3.19 and, > > 2) Jakarta-Tomcat-4.0.5. > > > > I have been able to successfully import and configure a Digital > > Certificate from Verisign into the Apache web server. > > > > When I attempt to import the Digital Certificate into the keystore for > > Tomcat I receive the following error > > message: > > > > keytool error: java.lang.Exception: Public keys in reply and keystore > > don't match > > > > Here are the steps that I have been following: > > > > To generate the original csar: > > > > # openssl req -new -nodes -keyout private.key -out public.csr > > # openssl rsa -in private.key -des3 -out secureprivate.key > > > > To import the file into Tomcat I did the following: > > > > # keytool -genkey -alias tomcat -keyalg RSA > > (This created the keystore in the home directory) > > > > # keytool -import -alias root -keystore .keystore \-trustcacerts > > -file /etc/httpd/ssl.crt/intermediate.crt > > (The chain certificate from Verisign) > > > > # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file > > /etc/httpd/ssl.crt/server.crt > > Enter keystore password: changeit > > > > QUESTIONS: > > ========== > > 1) Is there a way to import this CAcertificate into a keystore that was > > generated using keytool, when the original CSR was generated using > > OpenSSL? > > > > 2) Can i import RSA key generated with openSSL, into a new keystore made > > with keytool? I want to import the server.crt (signed from Verisign) to > > my keystore using keytool. > > > > -> I have read > http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2 > > and i have done all the steps until Step 11. Using IExplorer 6 (windows XP > SP1) > > going to jakarta's app url, the browser Can't find the site, and in the > bottom of > > the page shows little message: "Can't find the name server in DNS" > (without error > > number), but the same URL using Mozilla shows validate Certificate window. > > > > Thanks in advance, > > Ignacio Barrancos > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
