Hi Chris-
I had to do this myself a month ago.
You can't use Sun's keytool to import private keys into keystores. You'll need to use something else to load the private key and corresponding cert into a keystore which Tomcat can then read.
See the program and notes at http://www.comu.de/docs/tomcat_ssl.htm - it will explain how to use openssl to convert an existing private key and cert into a format that can then be loaded (using source code they provide) into a Java JKS keystore.
Let me know if you need more details.
-Jim
Chris Purcell wrote:
I have an Apache server with an SSL certificate installed from a CA. Its just a plain text certificate that looks like this..
-----BEGIN CERTIFICATE----- MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC blablablba /WeCY0ZzyRYuHhQYIm3R+A== -----END CERTIFICATE-----
I want to move this certificate to a new server that only runs Tomcat in standalone mode. I tried to convert it like this (below) but am getting an error...
[EMAIL PROTECTED] cert# openssl pkcs12 -export -inkey host-privkey.pem -in server.cert -out host.foo.org.pfx [EMAIL PROTECTED] cert# /usr/java/bin/keytool -import -file host.foo.org.pfx Enter keystore password: changeit keytool error: java.lang.Exception: Input not an X.509 certificate
Am I doing something wrong here?
Thanks, Chris
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
