I think I got a little idea after I re-read the keytool doc. You see, when we generate the cert using keytool, both the private key and the public key are stored in the keystore. And when we import the cert reply from the CA, keystore will associate the private key with the cert that wraps up the corresponding public key, right?
However, in my project, I have the browser IE generate the pkcs10 request and submit the request to the CA. Apparently IE does not use the SUN keystore facility. Thus, when I get the cert reply from the CA and import it into the SUN keystore, the SUN keystore has no way of matching the cert with a private key because the private key does not exist in the SUN keystore, it is stored in the keystore that IE maintains, although the SUN keystore still imports the cert. Does my conjecture sound reasonable?

Thank you for your continued education.

Mark

--- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> I suggest that you try using your certificate with other applications for instance send yourself a digitally signed email using your certificate. If your certificate works with another app then probably there is something wrong with the way tomcat is handling certificates. If not (which is most probably the case) then there is something missing from the certificate. So I would strongly recommend you to try using your "little java application" generated certificate with some other app other than tomcat and see how it works.
>
> Thanks.
>
> On Saturday, March 15, 2003, at 12:39 AM, Mark Liu wrote:
>
> > Well, I've never tried any other application. I only know that I can import it into the keystore, I can also import it into the browser (IE).
> >
> > --- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> >> Do your certificates work with other applications in other scenarios ?
> >>
> >> On Saturday, March 15, 2003, at 12:28 AM, Mark Liu wrote:
> >>
> >>> I am not sure if they are of the same format. I only know that I am able to import the certificate generated by my "little Java program" into the keystore as alias tomcat.
> >>>
> >>> Anywhere I can check the format of the keytool-generated certificate?
> >>>
> >>> --- Mufaddal Khumri <[EMAIL PROTECTED]> wrote:
> >>>> Is your certificate format generated by your "little java program" exactly like the keytool generated certificate ? Have you tested your certificates with other applications to see if you are producing them correctly ?
> >>>>
> >>>> thanks.
> >>>> On Friday, March 14, 2003, at 09:21 AM, Mark Liu wrote:
> >>>>
> >>>>> I know you guys have your great strategies in balancing Apache and Tomcat.
> >>>>>
> >>>>> But, my project isn't really so picky about efficiency, so I simply run Tomcat with SSL all the time. It simplifies my project a little bit.
> >>>>>
> >>>>> But then I do need to be able to run Tomcat SSL with the certificate generated by my little Java program.
> >>>>>
> >>>>> --- mike jackson <[EMAIL PROTECTED]> wrote:
> >>>>>> I've always run tomcat as a backend to apache. Apache may or may not implement ssl. That said, every time I've implemented ssl I've done it at the apache level, never at the tomcat level. In fact the few times that I've wanted ssl at the tomcat level (usually because I'm not running apache) I've ended up setting up apache to run as the front end.
> >>>>>>
> >>>>>> But that's just me.
> >>>>>>
> >>>>>> --mikej
> >>>>>> -=-----
> >>>>>> mike jackson
> >>>>>> [EMAIL PROTECTED]
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Mark Liu [mailto:[EMAIL PROTECTED]
> >>>>>> Sent: Thursday, March 13, 2003 6:44 PM
> >>>>>> To: Tomcat Users List
> >>>>>> Subject: Do you run Tomcat with SSL?
> >>>>>>
> >>>>>> I am able to run Tomcat SSL with the keytool-generated certificate, but not the certificate my little Java program generates.
> >>>>>>
> >>>>>> I've been asking this question for a while in this list. But it seems nobody has an answer to it. So you guys never run Tomcat in SSL mode? Or you guys always use the keytool-generated certificate for the SSL?
> === message truncated ===
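
The question raised in this thread, whether an alias in a Java keystore holds a private key together with its certificate or only an imported certificate, can be checked with the standard `java.security.KeyStore` API. The program below is an added example, not code from the thread or from Tomcat; the class name `KeystoreEntryCheck` and its messages are made up here, and it assumes the key password equals the keystore password and that the key is RSA, DSA or EC.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added example: reports whether a keystore alias is a key entry or only a trusted certificate.
public class KeystoreEntryCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java KeystoreEntryCheck <keystore> <alias>");
            System.exit(2);
        }
        char[] pw = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        System.out.println(describe(ks, args[1], pw));
    }

    // Assumption: the key password is the same as the keystore password.
    static String describe(KeyStore ks, String alias, char[] pw) throws Exception {
        if (!ks.containsAlias(alias)) return "no such alias";
        if (ks.isCertificateEntry(alias))
            return "trusted certificate entry: certificate only, no private key in this keystore";
        Key key = ks.getKey(alias, pw);
        if (!(key instanceof PrivateKey)) return "key entry without a private key";
        PublicKey pub = ks.getCertificate(alias).getPublicKey();
        return matches((PrivateKey) key, pub)
                ? "key entry: private key matches the certificate"
                : "key entry: private key does NOT match the certificate";
    }

    // Sign a fixed message with the private key and verify it with the certificate's public key.
    static boolean matches(PrivateKey priv, PublicKey pub) throws Exception {
        String alg = priv.getAlgorithm();   // "RSA", "DSA" or "EC"
        String sigAlg = alg.equals("EC") ? "SHA256withECDSA" : "SHA256with" + alg;
        byte[] msg = "keystore pairing check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(priv);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }
}
```

A TLS server can only present a certificate whose alias is a key entry; an alias reported as a trusted certificate entry has no private key for the server to use.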
