MG>Ongnjen > Gene, > > On 3.1.2014 14:55, Gene Matthews wrote: > > Thie symantec instructions say to ensure the alias for the ssl cert has an > > Entry Type of PrivateKeyEntry. Mine DOES NOT. Instructions say if it does > > not, to please import the certificate in the “Private Key” alias. > > With JKS keystore you must keep private key and certificates in the same > keystore. MG>Since A pfx that Verisign provides contains key and cert MG>"Windows servers use .pfx files to contain the public key files (your SSL Certificate files, provided by DigiCert) and MG>the associated private key file (generated by your server as part of the CSR). " MG>perhaps you are referring to the key/certificate combination in pfx?
Therefore, you shouldn't import server certificate and inter. > certificates into brand new keystore, but into the "old" keystore -- the > one you used to create key pair, and to generate CSR. MG>CSR is the request to CA Authority (verisign ) to sign (digitally identify) this certificate MG> certificate signing request (also CSR or certification request) is a message sent from an applicant to a MG>certificate authority in order to apply for a digital identity certificate. The most common format for CSRs is the MG>PKCS#10 specification MG> > > I find it strange that Symantec/Verisign didn't mention that explicitly > in their documentation. MG>agreed > > > It also says to ensure the Certificate chain length is 4. > > Once you import certificates into the right keystore, check that again. > > > > PS: How does one search the archives of this list? When I browse the > > archive site I don’t see a search field anywhere. So I’ve been googling > > without coming up with a solution. it is probably out there but I don’t > > know enough to recognize it :-( > > http://tomcat.apache.org/lists.html > > Search for "Archives". > > -Ognjen > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >