This is the connector text:
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystorefile="/usr/local/qmetrix/.keystore" keystorePass=
Here are the steps I used to generate the cert:
keytool -genkey -keyalg RSA -alias tomcat -keystore /export/home/jjones/.keystore
then
keytool -certreq -keyalg RSA -alias tomcat -keystore /export/home/jjones/.keystore -file <filename>
then once we receive the cert back from VERISIGN...
<http://www.thawte.com/certs/trustmap.html>
Import the Chain Certificate into your keystore
keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>
And finally import your new Certificate (It must be in X509 format):
keytool -import -alias tomcat -keystore <your_keystore_filename> -trustcacerts -file <your_certificate_filename>
Then I moved the keystore from my home directory to the "connector" defined location. In this case, does keytool build the path from my home directory in the keystore file?
Jeff
Jason Bainbridge wrote:
On 4/26/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I generated a new cert request utilizing keytool, sent that to verisign,
they returned the cert. Then I created a new keystore file, first
importing a chaincert, then importing the new cert. When I stop the
server, move the keystore file in place, start the server up, I continue
to get an expiration notice upon https request to the host. In a
troubleshooting effort, I moved the keystore file, stop/started the
server and *still* get the expired notice upon https request... The
server.xml file's SSL config points to the directory for which I have
located the keystore file to.
Are you specifying the location of the keystore with a keystoreFile parameter in your HTTPS connector? If not, you might be dealing with the wrong .keystore; by default I think it stores it in the home directory of the user that created it, so it might be pointing to the wrong one. Try using the keystoreFile if you aren't already.
Plus I don't think you can do it the way you did, by creating the CSR in your old .keystore and then importing it into the new one; the cert Verisign returned needs to match up with the CSR, if I understand it correctly.
Regards,
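Added example (not part of the original thread): a check for the point raised in the reply, that the CA's certificate has to land on the key pair that produced the CSR. A certificate imported into a keystore that lacks that key pair is stored as a trustedCertEntry, which an HTTPS connector cannot serve. The function name audit_alias and both sample listings are constructed for illustration; the script relies only on the field labels printed by keytool -list -v.

```shell
# Added example, not from the thread. Reads `keytool -list -v` output on stdin and
# reports whether ALIAS holds a private key (needed for HTTPS) or only a certificate.
# Real use: keytool -list -v -keystore <your_keystore_filename> | audit_alias tomcat
audit_alias() {
  awk -v want="$1" '
    { sub(/[ \t\r]+$/, "") }                      # tolerate trailing blanks / CR
    /^Alias name: / { cur = substr($0, 13); next }
    cur != want     { next }                      # ignore other entries
    /^Entry type: / { etype = substr($0, 13) }
    /^Certificate chain length: / { chain = $NF }
    /^Valid from: / && notafter == "" {           # first one is the leaf cert
      sub(/^.* until: /, ""); notafter = $0
    }
    END {
      if (etype == "") { print "MISSING alias=" want; exit }
      # keyEntry (older JDKs) or PrivateKeyEntry: key pair plus its chain
      if (etype == "keyEntry" || etype == "PrivateKeyEntry")
        print "KEY_ENTRY chain=" chain " leaf_until=" notafter
      else
        print "NO_PRIVATE_KEY type=" etype " leaf_until=" notafter
    }'
}

# Constructed listing: CSR key pair present, CA reply imported into that entry.
sample_reply_imported() {
  cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Valid from: Mon Jan 01 00:00:00 GMT 2001 until: Tue Jan 01 00:00:00 GMT 2036
Alias name: tomcat
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Valid from: Tue Apr 26 00:00:00 GMT 2005 until: Wed Apr 26 23:59:59 GMT 2006
Certificate[2]:
Valid from: Mon Jan 01 00:00:00 GMT 2001 until: Tue Jan 01 00:00:00 GMT 2036
EOF
}

# Constructed listing: same cert imported into a new keystore with no key pair.
sample_cert_only() {
  cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
Valid from: Tue Apr 26 00:00:00 GMT 2005 until: Wed Apr 26 23:59:59 GMT 2006
EOF
}

sample_reply_imported | audit_alias tomcat
sample_cert_only | audit_alias tomcat
```

A KEY_ENTRY result with chain=1 right after -genkey is the self-signed certificate keytool creates; the chain is replaced only when the CA reply is imported under the same alias in the same keystore.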
