I've been floundering for too many hours/days having ventured into the java/keytool/keystore/CAcert realm for the first time to produce a CA signed certificate for JBoss/Tomcat.
We have a Verisign/RSA cert, hostname.crt that produces the following when imported using 'keytool':
$ keytool -import -trustcacerts -file hostname.crt -keystore hostname.keystore
Enter keystore password: secret
Owner: CN=hostname.berkeley.edu, OU=MY-ORG-UNIT, O="University of California, Berkeley", L=Berkeley, ST=California, C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Serial number: 63ba7416f9d061ad65db8b61554bd8c3
Valid from: Wed Aug 13 17:00:00 PDT 2003 until: Fri Aug 13 16:59:59 PDT 2004
Certificate fingerprints:
MD5: 05:A7:B1:17:6B:C2:0B:FA:9A:B9:80:22:6A:B0:96:6B
SHA1: B9:34:D0:58:C4:9C:01:CD:C1:05:D9:FD:C1:D1:45:43:E3:6C:17:1A
Trust this certificate? [no]: yes
Certificate was added to keystore
And if you're still reading, some questions:
1. Should the "Trust this certificate?" prompt appear if a corresponding CA cert entry
exists in $JAVA_HOME/jre/lib/security/cacerts ?
2. Is it necessary to go through the CSR (Certificate Signing Request) process when
you already have a server cert file?
3. What else is needed in addition to an existing server cert file if you don't have to go
through the CSR process?
Thanks, Robert
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
