Cool. I think other CAs have the same policy. How many times can you revoke/renew with Verisign? Is it only once?
BTW, it appears a DSA encrypted server will cause a Netscape browser to throw an exception. Apparently Netscape only handles RSA. There are probably other clients & servers that will cause the same incompatibility problem with a DSA encrypted server. Since it is apparent, I guess, that it's too much trouble to change the default keyalg to RSA in the keytool command, the language should be much stronger in the tomcat and ssl instructions to specify RSA encryption.

Thanks for your input.

--- [EMAIL PROTECTED] wrote:
> You can revoke/renew with Verisign for NO CHARGE
> within 30 days.
> FWIW: We specify RSA.
>
> Bruce Perryman wrote:
>
> >Thanks Mark, and all others, for your help.
> >
> >As I mentioned, we did get this to work. The only
> >problem was that we didn't specify the keyalg param
> >nor rsa so the default is dsa.
> >
> >I posted another question "Is DSA OK", but no one
> >seems to know. It appears that DSA doesn't handle
> >encryption, but I'm not sure. Also, it seems that there
> >can be compatibility issues between RSA and DSA. But
> >since I've already gotten the cert from the CA, I may
> >be screwed.
> >
> >Any ideas?
> >
> >--- Mark Thomas <[EMAIL PROTECTED]> wrote:
> >
> >>Bruce,
> >>
> >>Sorry. Don't know. I have only ever got it working
> >>using RSA. However, when I did this I got so many
> >>things wrong the first 20 or so times I tried it
> >>it could have been anything stopping it working.
> >>
> >>Mark
> >>
> >>Bruce Perryman wrote:
> >>
> >>>Thanks,
> >>>
> >>>It worked, the only problem is that we failed to
> >>>specify the RSA algorithm.
> >>>
> >>>Are we screwed for using DSA?
> >>>
> >>>--- Mark Thomas <[EMAIL PROTECTED]> wrote:
> >>>
> >>>>The following steps should work (although I have
> >>>>only ever done this using my own CA).
> >>>>
> >>>>1. Create tomcat key in your own keystore
> >>>>2. Create CSR
> >>>>3. Submit CSR
> >>>>4. Get response
> >>>>5. Import CA's root cert to cacerts
> >>>>   (%JAVA_HOME%\jre\lib\security\cacerts)
> >>>>6. Import new cert to same keystore as 1 (use same
> >>>>   alias & trustcacerts option)
> >>>>7. Restart Tomcat
> >>>>
> >>>>HTH
> >>>>
> >>>>Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
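
As an added example (not part of the thread and not Tomcat's own documentation): the key, CSR and import steps from the quoted procedure with `-keyalg RSA` stated explicitly, plus a check that reads `keytool -list -v` output and flags any non-RSA key before the CSR is submitted. The alias, file names, key size and sample listing are assumptions, and the listing layout assumed is the one recent JDKs print.

```shell
#!/usr/bin/env bash
# Added example; alias, file names and key size below are assumptions.

# Steps 1-2 of the quoted procedure with the key algorithm stated explicitly,
# so the default the thread reports (DSA) is never used.
make_key_and_csr() {   # usage: make_key_and_csr KEYSTORE
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore "$1" &&
  keytool -certreq -alias tomcat -file tomcat.csr -keystore "$1"
}

# Step 6: import the CA reply under the same alias as the key.
import_reply() {       # usage: import_reply KEYSTORE CERTFILE
  keytool -importcert -alias tomcat -trustcacerts -file "$2" -keystore "$1"
}

# Reads `keytool -list -v` output on stdin. Prints "alias algorithm" for the
# first (own) certificate of each entry; returns 1 if any key is not RSA.
audit_keyalg() {
  awk '
    /^Alias name:/ { alias = $3; seen = 0 }
    /^Subject Public Key Algorithm:/ && !seen {
      seen = 1
      print alias, $6
      if ($6 != "RSA") bad = 1
    }
    END { exit bad + 0 }
  '
}

# Constructed sample listing, trimmed to the lines the check reads.
sample_listing() {
  cat <<'EOF'
Alias name: tomcat-old
Entry type: PrivateKeyEntry
Certificate[1]:
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Intended use before step 3 (submitting the CSR):
#   keytool -list -v -keystore KEYSTORE | audit_keyalg || echo "non-RSA key found"
```

The check reads the subject key line rather than the signature algorithm, because after the CA reply is imported the signature algorithm reflects the CA's key, not the server's.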
