-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 9/10/13 1:12 PM, James H. H. Lampert wrote: > We have a customer that wants to apply an existing multi-domain > certificate to the tomcat server in our application. > > The only thing is, all we've seen is a P7B file, not a keystore, > and we don't even know what sort of keystore they used to generate > the original CSR. "P7B" is otherwise known as a PKCS#7 file and usually contains a certificate. Does the file contain *only* a certificate, or does it also contain the key that was used to generate the CSR? If you have the cert but not the key, you won't be able to use it for serving HTTPS. > The only time a similar situation came up in the past was when > somebody jumped the gun, and assumed that since the Tomcat server > was running on an AS/400, it would use keystores and certificates > created through IBM's Digital Certificate Manager, in IBM's > proprietary format. All I can say about that is that I hope they > either got their money back for the totally unusable keystore, or > got credit on the correct one. Most CAs will re-issue certificates for the same hostname with a reasonable explanation. > Needless to say, we generally take full control of certificate > installation, in order to reduce the potential for expensive > mistakes. > > At any rate, what can be done with this customer who wants to use > their multi-domain certificate in Tomcat? Let's start with what you've actually got. You said you have a file. What's in the file? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSL4zMAAoJEBzwKT+lPKRYCsgP/i29HaX0liAzys1ULHGRTWra OObCfl0tCTQ0pI/UndnLWYpfryka4J18UdlxNcwGC5UwoMCXb3nFLCexgJFBROew 1I21wBvo7ZthsnDDRht9Vr4ja+6GS5YKyQkFSLFwOz2niSNJqhgd5BiUKPENAmq4 N64I222B7zDOyY4HbPEjpGamJ4ZigYZMKGU7PzjVuuv4vMdgXNWF7n9W5jaavIZC Y7n/Y+4hUYEl6JBjfsWogprwhKFk46mzo+mhEvRGGuUiDAjxcR4lyI8R0oDz/Xpp hIoaS7m4s3z4SuAB0OAUkzWPsui8CyJweSHkcD382bswqvmd9AuaLCiRGyWOf5j0 aPMA0GZUYXe+cYOkgBa53Rx8Ud3mELUPiS08/LLO9Add2qIzCjI3XcxcpwcCMvxR hjdbuKzS50doQHc5nv+CQ+LYtbCWmvRRscvj8y8UcqbIddwK8ML1Jqij9Jeb7IQF qZIzpQWMWJ6qvzmepz6f5+P/1PdoT6hT25O5KKcYj+ZRhSQo07euU4j+q95ZV5zX 3b1VoTB6RwVMRth14cEd6KKfVP9FXupkL/uwp+cNxRP6KXC81JL2Y0WbE0PcTsI2 pMhtqu69RY7kBuikNfYkEPsQVcrs8z/TPMXTQHs/lhoPXavHnxskbSn5xS3PmrUX 5e5y9NJ+3rUrBO8b+oMe =SHPO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
