Hi,

after a long time of trying to set up a (demo) certificate from thawte.com or trustcenter.de I finally made it. And because of the numerous questions on this list concerning this topic, I thought it would be a good idea to share my gained "wisdom" :-)

So what follows is a step-by-step instruction on how to install a commercial (*not* self-signed or openssl) certificate:

1. Generate a local certificate:

   keytool -genkey -alias tomcat -keyalg RSA -keystore <myfile>

   where <myfile> is the name of the desired keystore file.

2. Generate the CSR (you need it to request your (demo) certificate):

   keytool -certreq -keyalg RSA -alias tomcat -file certreq.pem -keystore <myfile>

   Now you have a file called "certreq.pem". Send this to your trustcenter.

3. Most trustcenters do not deliver a so-called "chained certificate", so you have to install their root certificate (their website says where to find it):

   keytool -import -alias root -keystore <myfile> -trustcacerts -file <root-cert-file>

4. After your final (demo) certificate has been sent to you, install it like this:

   keytool -import -alias tomcat -keystore <myfile> -trustcacerts -file <received-cert-file>

For the Tomcat-specific part of the installation go to the *real good* Tomcat doc page:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

I hope it helped somebody... If there are any questions/suggestions/etc., simply hit "REPLY" (-:

greets,
pero
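The four steps above, as an added example that is not part of the original post: the script runs them against a throwaway CA standing in for the trustcenter and shows that step 4 only succeeds once the root from step 3 is in the keystore. The password, the names "Demo Root CA" and www.example.test, the file names and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed values: password, "Demo Root CA", www.example.test, file names.
PASS=changeit
kt() { keytool -J-Duser.language=en "$@" -storepass "$PASS" </dev/null 2>/dev/null; }

# Prints the chain length of the "tomcat" entry after step 4, or
# "import-failed" when keytool cannot build a chain from the reply.
# $1 = "with-root" runs step 3; any other value skips it.
chain_after_import() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'rm -rf "$dir"' EXIT
  set -e
  # Stand-in for the trustcenter: a self-signed CA in its own keystore.
  kt -genkey -alias ca -keyalg RSA -dname "CN=Demo Root CA" -ext bc:c \
     -keystore ca.jks -keypass "$PASS"
  kt -exportcert -alias ca -file root.cer -keystore ca.jks
  # Step 1: local key pair; the entry is self-signed until step 4.
  kt -genkey -alias tomcat -keyalg RSA -dname "CN=www.example.test" \
     -keystore server.jks -keypass "$PASS"
  # Step 2: the CSR that is sent to the trustcenter.
  kt -certreq -alias tomcat -file certreq.pem -keystore server.jks
  # Trustcenter side: sign the CSR and return the leaf only, no chain.
  kt -gencert -alias ca -infile certreq.pem -outfile reply.cer -keystore ca.jks
  # Step 3: import the root. -noprompt is for this unattended demo only;
  # interactively, compare the fingerprint keytool shows with the one the
  # CA publishes before answering "yes".
  if [ "$1" = "with-root" ]; then
    kt -import -alias root -trustcacerts -noprompt -file root.cer \
       -keystore server.jks
  fi
  # Step 4: import the reply under the same alias as the private key.
  kt -import -alias tomcat -trustcacerts -file reply.cer \
     -keystore server.jks >/dev/null || { echo "import-failed"; exit 0; }
  # A correctly installed reply shows the leaf plus the root: length 2.
  kt -list -v -alias tomcat -keystore server.jks |
    sed -n 's/^Certificate chain length: //p'
)
```

Calling `chain_after_import with-root` prints the resulting chain length; any other argument skips step 3 and shows the failure that step is there to prevent.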
