Jan, No, I haven't got anywhere yet with this. I have taken a look at the suggested pkcs12 http://www.openssl.org/docs/apps/pkcs12.html but that hasn't broght me that much further.
I'll let you know if I find a solution, and, please, do likewise - surely I wouldn't to buy a new certificate. Giulia =Are you getting somewhere with this issue ? I have the same problem ( I =need to use =the certificate that was previously on Apache ) and I'm at the dead end =s =of now, =hoping for a response from this list. Yes or No would do also, but no =response yet. :(( =Jf On Tue, 1 Apr 2003, Giulia Hill wrote: > > Following the How-to, I have almost successfully activated SSL on tomcat > 4.1. The problem I'm having is that I can't load the Verisign certificate, > a certificate which I already have and that I'm using with Apache. > > this is what I have done > > % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore > and entered the values of CN etc. as they appear also on the certificate > > I have downloaded the verisign.crt from the site indicated on the docs > % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt > > However if I use my certificate as it is, I get the error > % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file > sunsite2.crt > java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.at > sun.security.util.DerInputStream.getLength(DerInputStream.java:513) > > I thougth it could be that the certificate was not in X509 format, so I > have done the conversion as > % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out > sunsite2.X509.crt > > But, when I try to load it into the keystore I get the error: > % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file > sunsite2.X509crt > keytool error: java.lang.Exception: Public keys in reply and keystore don't match > > What am I doing wrong? Generating a new certificate is not an option since > we have already paid for the current one, so I need to be able to use what > I already have > > Thank for your suggestions, > > Giulia > ---------------------------- Giulia Hill Programmer/Analyst Library Systems Office University of California at Berkeley 386 Doe Annex Berkeley, CA 94720 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
