John, Thanks for your reply to my post.
If I understand you correctly, I may not need to bother with the keystore at all. If IIS is the web server, and I have an SSL certificate installed in IIS, then I don't need to have an additional certificate stored in a keystore file for Tomcat to use. True? Does this hold true when I am using the isapi_redirector to have Tomcat serve servlets/JSP pages? Thanks, Keith -----Original Message----- From: John Roth [mailto:[EMAIL PROTECTED]] Sent: Monday, April 15, 2002 9:24 AM To: 'Tomcat Users List'; 'Hugh Brien' Subject: RE: How many SSL certificates are needed for Tomcat with IIS? Also, each server sends a machine+server specific character set to Verisign (or any other certifier). For example: a keystore generated CertRequest will create a different request than an IIS generated CertRequest, all other things being equal (IP address, domain name, etc.). In a normal Web Server/Tomcat (App) Server environment, the Web Server is what is responsible for SSL encryption. This is the same regardless of the web server (IIS, Apache, Netscape, or any other). In some environments Tomcat is the web server, hence the SSL support in Tomcat. Summary: Only the web server needs the certificate. If this is IIS, you must generate the request via IIS. If the web server is going to be Tomcat, via the HTTPConnector, use keystore to generate the request. John -----Original Message----- From: Hugh Brien [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 14, 2002 12:44 AM To: Tomcat Users List Subject: Re: How many SSL certificates are needed for Tomcat with IIS? What was the error? Did you search for the error code to see if anyone had the same problem? Certs are based on 509 however there are extensions that different vendors support. r, Hugh ----- Original Message ----- From: "Hawkins, Keith (Keith)" <[EMAIL PROTECTED]> To: "tomcat-user" <[EMAIL PROTECTED]> Sent: Friday, April 12, 2002 5:46 PM Subject: How many SSL certificates are needed for Tomcat with IIS? I generated CSR via Sun's keytool, sent it to verisign, and imported the resulting certificate into a keystore file. I tried to get IIS to import this certificate, but it rejects it. Do I have to request the certificate from IIS? Do I need to have two certificates, one for tomcat and one for IIS? Thanks, Keith -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
