Matt,

I'm sorry I didn't see this sooner (or did you post before you purchased?).

I've installed a Thawte Certificate (one year ago), and then installed the renewal certificate again this month.

The first installation was a nightmare, because no-one seemed to know all of the required details (and you must get them ALL correct, or nothing works!)

Anyway, the technicians at Thawte finally figured out the problem, and we got it working.

This time, I simply followed the same process and it worked the very first time.

I'm attaching an abbreviated step-by-step for SSL certificates using ONLY Tomcat (no Apache in the loop). This is a DOS-type BATCH file that I used on my Win2K machine to generate the appropriate certificates. The actual certificate runs on my production server, which is Solaris 2.8 on a Sparc E250, running only Tomcat and MySQL. In other words, the process should be portable.

The only other IMPORTANT item is the type of certificate. In my case, the only mistake in the whole original process (that caused everything to fail) was that I requested the wrong certificate type. Once the correct certificate was requested, it all worked - and has been working ever since!

The type you want is "PKCS #7"; no other type worked for me (we tried them all <G>).

If you cannot get it to work with JUST Tomcat at all, get a refund and RUN (don't walk) to the Thawte website and get one of theirs.

Cheers,

-Richard

DISCLAIMER: I have no connection whatsoever with Thawte. I receive nothing for endorsing their certificate. The only reason I endorse Thawte is that I know their certs do work with Tomcat, and their tech support is pretty good.



Subject: Re: Help! Anyone successfully install a purchased certificate?

They do have Apache instructions. But I guess I better
request that soon before the warranty runs out. LOL

They have instructions for how to create and
install it with generic Java based servers but it
hasn't been specific enough with Tomcat.

-Matt

--- Ian Hunter <[EMAIL PROTECTED]> wrote:
From what I understand, some different certificate vendors require different
installation methods... Did they include instructions for IIS or Apache, for
instance?

Worst possible case you could front-end your site(s) with Apache and use
connectors to get to Tomcat.

----- Original Message -----
From: "Matt Fury" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 20, 2003 3:58 PM
Subject: Help! Anyone successfully install a purchased certificate?


> Has anyone successfully installed a purchased root
> certificate? I've purchased a cert from installssl.com
> and they haven't been much help.
>
> I've done everything I am supposed to but it just
> won't get recognized when I hit the page. I know the
> Tomcat SSL is working because a self-generated one
> works fine but when I try to import the purchased
> cert, when a user hits the page it just thinks it's
> still a self-generated one.
>
> Any ideas? I've started with a clean keystore and no
> luck.
>
> -Matt
>
>





@echo off

rem mycompany.com

rem INSTRUCTIONS
rem 1. BE SURE JAVA (I use SDK 1.4) is installed and WORKING before you begin...
rem 2. unremark the lines with asterisks '*' for each step in the process.
rem    the batch file is run once for each step.
rem 3. BETWEEN Step 2 and 3, you must copy the CSR to the appropriate place on the
rem    Thawte website and request the PKCS#7 certificate. It will arrive by email
rem    once all the 'paperwork' has been processed. Save this as a text file 'myc-thawte.txt'
rem    and proceed to step 3.
rem 4. Of course, you will have to modify the field data to suit your actual information.

rem STEP 1. - generate the .keystore file (self-signed certificate)

rem remove the .keystore file or step 1 will fail
rem*    if exist .keystore del .keystore

rem generate the self-signed certificate
rem*   keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -dname "CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, S=MyProvince, C=CA" -storepass mypassword
rem*    copy .keystore keystore.private

rem STEP 2. - generate the csr (can be done together with step 1)

rem remove the -csr.txt file or step 2 will fail
rem*    if exist *-csr.txt del *-csr.txt

rem make the appropriate CSR - mycompany.com
rem*    keytool -certreq -alias tomcat -keystore .keystore -file myc-csr.txt -storepass mypassword

rem STEP 3. - after the signer has issued the certificate, import it into a new .keystore file

rem import thawte certificate - mycompany.com
rem*    keytool -import -v -alias tomcat -trustcacerts -keystore .keystore -file myc-thawte.txt -storepass mypassword

rem verify the keystore (I do this for every step)
    keytool -list -keystore .keystore -storepass mypassword
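
Added example, not part of Richard's batch file or the original thread: the final `keytool -list` check, extended to `-list -v` and classified by a script, so you can tell whether the `tomcat` alias still holds the self-signed certificate (the symptom Matt describes) or the CA's reply. The function name `classify_alias`, the sample listings and the issuer name are constructed for illustration; the script assumes the `Alias name:`, `Entry type:`, `Owner:` and `Issuer:` lines that `keytool -list -v` prints.

```shell
#!/bin/sh
# Added example (not from the original post): classify one alias from `keytool -list -v`.
# Usage: keytool -list -v -keystore .keystore -storepass mypassword | classify_alias tomcat
# Prints: ca-signed | self-signed | trusted-cert-only | missing
classify_alias() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                       # tolerate Windows line endings
        /^Alias name: / { cur = substr($0, 13); next }
        cur != want     { next }                 # skip other entries
        /^Entry type: / { type = substr($0, 13) }
        # Only the first (leaf) certificate decides self-signed vs CA-signed.
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (type == "") print "missing"
            else if (type !~ /^(PrivateKeyEntry|keyEntry)$/) print "trusted-cert-only"
            else if (owner == issuer) print "self-signed"
            else print "ca-signed"
        }'
}

# Constructed sample: the state after STEP 1 (key pair plus self-signed cert).
sample_after_step1() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, ST=MyProvince, C=CA
Issuer: CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, ST=MyProvince, C=CA
EOF
}

# Constructed sample: the state after STEP 3 (reply imported over the same alias).
# The issuer name is a placeholder, not a real CA.
sample_after_step3() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, ST=MyProvince, C=CA
Issuer: CN=Example Issuing CA, O=Example CA Ltd, C=ZA
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA Ltd, C=ZA
Issuer: CN=Example Issuing CA, O=Example CA Ltd, C=ZA
EOF
}
```

A result of `trusted-cert-only` means the certificate sits in the keystore without a private key under that alias, so Tomcat cannot serve it; `self-signed` means the reply has not replaced the certificate generated in STEP 1.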
