Giulia Hill wrote:
Following the How-to, I have almost successfully activated SSL on tomcat 4.1. The problem I'm having is that I can't load the Verisign certificate, a certificate which I already have and that I'm using with Apache.
this is what I have done
% keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore and entered the values of CN etc. as they appear also on the certificate
I have downloaded the verisign.crt from the site indicated on the docs % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt
However if I use my certificate as it is, I get the error % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.crt java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
I thougth it could be that the certificate was not in X509 format, so I have done the conversion as % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt
But, when I try to load it into the keystore I get the error: % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.X509crt keytool error: java.lang.Exception: Public keys in reply and keystore don't match
What am I doing wrong? Generating a new certificate is not an option since we have already paid for the current one, so I need to be able to use what I already have
Thank for your suggestions,
Giulia
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--
Mark Webb
Software Engineer
Dolphin Technology
474 Phoenix Drive
Rome, NY 13441-4911
Phone : 315.838.7000 : 315.838.7024
Fax : 315.838.7096
Email : [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
