You are most welcome. I do hope it works for you, but I also know you would be very happy with Thawte. I chose them based on cost (less that 1/2 verisign and others).
Cheers,
-Richard
Matt Fury wrote:
>Richard, > >Thanks so much for your reply! I'm trying one last >time with InstantSSL. We'll find out soon and I'll let >everyone know whether you can go with InstantSSL or >not! :-) > >-Matt > > >--- "Richard S. Huntrods" <huntrods@xxxxxxxxxxx> >wrote: > > >>*** I am re-sending this email with the attachment >>'kt.bat' removed and >>the text of the batch file included in email body - >>after being flooded >>with "anti-virus" messages from a couple dozen ISP's >>that have labelled >>'.bat' files as potential viruses. *** >> >> >>Matt, >> >>I'm sorry I didn't see this sooner (or did you post >>before you purchased?). >> >>I've installed a Thawte Certificate (one year ago), >>and then installed >>the renewal certificate again this month. >> >>The first installation was a nightmare, because >>no-one seemed to know >>all of the required details (and you must get them >>ALL correct, or >>nothing works!) >> >>Anyway, the technicians at Thawte finally figured >>the problem, and we >>got it working. >> >>This time, I simply followed the same process and it >>worked the very >>first time. >> >>I'm attaching an abbreviated step-by-step for SSL >>certificates using >>ONLY Tomcat (no Apache in the loop). This is a >>DOS-type BATCH file that >>I used on my Win2K machine to generate the >>appropriate certificates. The >>actual certificate runs on my production server, >>which is Solaris 2.8 on >>a Sparc E250, running only Tomcat and MySQL. In >>otherwords, the process >>should be portable. >> >>The only other IMPORTANT item is the type of >>certificate. In my case, >>the only mistake in the whole original process (that >>caused everything >>to fail) was that I requested the wrong certificate >>type. Once the >>correct certificate was requested, it all worked - >>and has been working >>ever since! >> >>The type you want is "PKCS #7" no other type worked >>for me (we tried >>them all <G>). >> >>If you cannot get it to work with JUST Tomcat at >>all, get a refund and >>RUN (don't walk) to the Thawte website and get one >>of theirs. >> >>Cheers, >> >>-Richard >> >>DISCLAIMER: I have no connection whatsoever with >>Thawte. I receive >>nothing for endorsing their certificate. The only >>reason I endorse >>Thawte is that I know their certs do work with >>Tomcat, and their tech >>support is pretty good. >> >>=======================kt.bat======================= >>@echo off >> >>rem mycompany.com >> >>rem INSTRUCTIONS >>rem 1. BE SURE JAVA (I use SDK 1.4) is installed and >>WORKING before you >>begin... >>rem 2. unremark the lines with asterisks '*' for >>each step in the process. >>rem the batch file is run once for each step. >>rem 3. BETWEEN Step 2 and 3, you must copy the CSR >>to the appropriate >>place on the >>rem Thawte website and request the PKCS#7 >>certificate. It will arrive >>by email >>rem once all the 'paperwork' has been processed. >>Save this as a text >>file 'myc-thawte.txt' >>rem and proceed to step 3. >>rem 4. Of course, you will have to modify the field >>data to suit your >>actual information. >> >>rem STEP 1. - generate the .keystore file >>(self-signed certificate) >> >>rem remove the .keystore file or step 1 will fail >>rem* if exist .keystore del .keystore >> >>rem generate the self-signed certificate >>rem* keytool -genkey -alias tomcat -keyalg RSA >>-keystore .keystore >>-dname "CN=mycompany.com, OU=myc, O=My Company Name, >>L=MyCity, >>S=MyProvince, C=CA" -storepass mypassword >>rem* copy .keystore keystore.private >> >>rem STEP 2. - generate the csr (can be done together >>with step 1) >> >>rem remove the -csr.txt file or step 2 will fail >>rem* if exist *-csr.txt del *-csr.txt >> >>rem make the appropriate CSR - mycompany.com >>rem* keytool -certreq -alias tomcat -keystore >>.keystore -file >>myc-csr.txt -storepass mypassword >> >>rem STEP 3. - after the signer has issued the >>certificate, import it >>into a new .keystore file >> >>rem import thawte certificate - mycompany.com >>rem* keytool -import -v -alias tomcat >>-trustcacerts -keystore >>.keystore -file myc-thawte.txt -storepass mypassword >> >>rem verify the keystore (I do this for every step) >> keytool -list -keystore .keystore -storepass >>mypassword >>==================================================== >> >> >Subject: Re: Help! Anyone successfully install a >>purchased certificate? >> > >> >They do have Apache instructions. But I guess I >>better >> >request that soon before the warranty runs out. >>LOL >> > >> >They have instructions for how to do create and >> >install it with generic Java based servers but it >> >hasn't been specific enough with Tomcat. >> > >> >-Matt >> > >> >--- Ian Hunter <ihunter@xxxxxxxxxxxxx> wrote: >> >> >From what I understand, some different >>certificate >> >> vendors require different >> >> installation methods... Did they include >> >> instructions for IIS or Apache, for >> >> instance? >> >> >> >> Worst possible case you could front-end your >>site(s) >> >> with Apache and use >> >> connectors to get to Tomcat. >> >> >> >> ----- Original Message ----- >> >> From: "Matt Fury" <matty@xxxxxxxxxxxx> >> >> To: <tomcat-user@xxxxxxxxxxxxxxxxxx> >> >> Sent: Thursday, February 20, 2003 3:58 PM >> >> Subject: Help! Anyone successfully install a >> >> purchased certificate? >> >> >> >> >> >> > Has anyone successfully installed a purchase >>root >> >> > certificate? I've purchased a cert from >> >> installssl.com >> >> > and they haven't been much help. >> >> > >> >> > I've done everything I am supposed to but it >>just >> >> > won't get recognized when I hit the page. I >>know >> >> the >> >> > Tomcat SSL is working because a self-generated >>one >> >> > works fine but when I try to import the >>purchased >> >> > cert, when a user hits the page it just thinks >>its >> >> > still a self-generated one. >> >> > >> >> > Any ideas? I've started with a clean keystore >>and >> >> no >> >> > luck. >> >> > >> >> > -Matt >> >> > >> >> >> >=== message truncated === > > > >
--------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@xxxxxxxxxxxxxxxxxx For additional commands, e-mail: tomcat-user-help@xxxxxxxxxxxxxxxxxx
