MG>Ongnjen
> Gene,
>
> On 3.1.2014 14:55, Gene Matthews wrote:
> > Thie symantec instructions say to ensure the alias for the ssl cert has an
> > Entry Type of PrivateKeyEntry. Mine DOES NOT. Instructions say if it does
> > not, to please import the certificate in the “Private Key” alias.
>
> With JKS keystore you must keep private key and certificates in the same
> keystore.
MG>Since A pfx that Verisign provides contains key and cert
MG>"Windows servers use .pfx files to contain the public key files (your SSL
Certificate files, provided by DigiCert) and MG>the associated private key
file (generated by your server as part of the CSR).
"
MG>perhaps you are referring to the key/certificate combination in pfx?
Therefore, you shouldn't import server certificate and inter.
> certificates into brand new keystore, but into the "old" keystore -- the
> one you used to create key pair, and to generate CSR.
MG>CSR is the request to CA Authority (verisign ) to sign (digitally identify)
this certificate
MG> certificate signing request (also CSR or certification request) is a
message sent from an applicant to a MG>certificate authority in order to apply
for a digital identity certificate. The most common format for CSRs is the
MG>PKCS#10 specification
MG>
>
> I find it strange that Symantec/Verisign didn't mention that explicitly
> in their documentation.
MG>agreed
>
> > It also says to ensure the Certificate chain length is 4.
>
> Once you import certificates into the right keystore, check that again.
>
>
> > PS: How does one search the archives of this list? When I browse the
> > archive site I don’t see a search field anywhere. So I’ve been googling
> > without coming up with a solution. it is probably out there but I don’t
> > know enough to recognize it :-(
>
> http://tomcat.apache.org/lists.html
>
> Search for "Archives".
>
> -Ognjen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
