> From: Lee Chin Khiong [mailto:[EMAIL PROTECTED]]
>
> IS IT POSSIBLE TO DESCRIBE IN DETAIL WITH EXAMPLE.....
> I STILL DON'T GET YOU....

Okay. I will document the steps at the earliest and circulate it to tomcat user list ( whenever the demands of my paid day job allow me to do so )

And yes, please don't shout at me. Not used to it ;-)

BTW, I would have killed for the high level description ( that I gave ) when I started not knowing where to start :)

/Pankaj.

> -----Original Message-----
> From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 24, 2002 1:39 AM
> To: 'Tomcat Users List'
> Subject: RE: Openssl
>
> You can do this in one of the two ways:
>
> A. Use keytool to generate certificate signing request and openssl to sign it.
> Sub-steps:
> 1. Generate key-pair using keytool ( -genkey operation )
> 2. Generate Certificate Signing Request or CSR ( -certreq )
> 3. Sign CSR with openssl ( ca operation in openssl )
> 4. Import openssl CA certificate into keystore specified in step 1. Remember to use a different alias than in step 1.
> 5. Import the signed certificate ( generated by step 3 ) into the keystore. Remember to use the same alias as in step 1.
> 6. Remove the CA certificate entry from the keystore.
>
> Without step 4, step 5 will fail ( as keytool cannot form a certificate chain ). Without step 6, there is a possibility that tomcat might present the wrong certificate to the client ( as JSSE uses the first certificate it finds in the keystore, using an order determined by a hash function ).
>
> B. Create a PKCS8 certificate ( or certificate chain ) and import it in a keystore.
> -- steps left as an exercise.
>
> Note: If you find the steps a bit complicated and hard to get right, you are not alone :). I spent many frustrating hours to get it right. But you get an idea.
> I do have plans to document these but have not been able to find time.
>
> Pankaj Kumar
> Web Services Architect
> HP Middleware
> http://www.pankaj-k.net
>
> > -----Original Message-----
> > From: Lee Chin Khiong [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 22, 2002 10:21 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: Openssl
> >
> > Does anyone know how to generate cert using openssl and apply to tomcat
> > instead of keytool?
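
Option A from the quoted message (steps 1 to 6) written out as one shell script. This is an added example, not part of the original thread: the aliases, file names, password and certificate subjects are constructed, and it signs the CSR with `openssl x509 -req` rather than the `openssl ca` operation the message names, so that no CA directory layout is needed.

```shell
#!/bin/sh
# Added example: option A (steps 1-6). Names, password and subjects are constructed.
PASS=changeit          # constructed test password
KS=tomcat.keystore     # hypothetical keystore file name

# keytool wrapper: the operation comes first, keystore options are appended.
kt() { keytool "$@" -keystore "$KS" -storepass "$PASS"; }

build_tomcat_keystore() (
    set -e
    cd "$1"
    # Constructed test CA: self-signed certificate and key made with openssl.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.crt 2>/dev/null
    # Step 1: key pair under alias "tomcat" (-genkeypair is the newer name of -genkey).
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
        -keypass "$PASS" -dname "CN=localhost, O=Example"
    # Step 2: certificate signing request for that key.
    kt -certreq -alias tomcat -file server.csr
    # Step 3: sign the CSR with the CA key (assumption: x509 -req instead of "openssl ca").
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -out server.crt 2>/dev/null
    # Step 4: import the CA certificate under a different alias.
    kt -importcert -noprompt -trustcacerts -alias ca -file ca.crt
    # Step 5: import the signed certificate under the same alias as step 1.
    kt -importcert -noprompt -alias tomcat -file server.crt
    # Step 6: remove the CA entry; the key entry keeps its own copy of the chain.
    kt -delete -alias ca
)

# Entries left in the keystore; 1 means only the key entry remains.
entry_count() ( cd "$1" && kt -list | grep -c -e PrivateKeyEntry -e trustedCertEntry )

# Chain length of the key entry; 2 means server certificate plus CA certificate.
chain_length() (
    cd "$1" && kt -list -v -alias tomcat | sed -n 's/^Certificate chain length: //p'
)

# Stand-alone use: sh thisfile.sh run
if [ "${1:-}" = run ]; then
    dir=$(mktemp -d)
    build_tomcat_keystore "$dir"
    echo "entries=$(entry_count "$dir") chain=$(chain_length "$dir") keystore=$dir/$KS"
fi
```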