-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Miten,
On 1/16/14, 12:09 PM, Miten Mehta wrote: > Hi, > > Adding more clarification for ease below. > > 1) create keystore.jks with self signed cert (alias tomcat). Why are you self-signing a certificate if you are going to get it signed by a CA? > 2) generate old.csr and send for signing to CA 3) get back new.cer > (signed certificate) and root.cer (root certificate) 4) delete > existing cert from keystore.jks (alias tomcat) 5) import root cert > (alias root) 6) import new cert (alias tomcat) You should be able to create a server key, then a CSR. I happen to hate keytool (and Java key stores in general) so I avoid it whenever possible but I'd be surprised if you couldn't create a CSR without creating a self-signing certificate in the process. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS2FQDAAoJEBzwKT+lPKRY/cwP/jQc9t1QkhKwyzUxw2yZNVjx fk0fHIucw+EkxMRa9Xue/DouZPpGRbdvzMRVn8Jr7wzBPIqUNmNITfCSYduJVNWu 8atVHG9CwRK0HVLnN/CESjm1Ex46jOn9BiAzH9n1AZ9UfY+a3MS6z/9XjS/NMxmJ yhRkkltYUHdtjHEoFCehhormbHcS44CAR9uxkPXW+MeJCwWu2JXL0dxu/BGVY/Rj 7niOd9kk5ziKcN1NfYWXSClOV81AuxlW6vJnaP8+ZzW9JZRE/9Od1Hx3Ie+WmxG+ 9y+x2j4WwS7xyN4nD1Sfg5bK0lUFe4HFsexmnMEbUcsY4SbvgjhaTuBaqam+JZgx 31e9hTcZKaQ0042qRk8dOYNM9vi7Wje9pYuUca3yIOPDorIXBSU2dK2rW9hF5ZJ7 HiBhLHRa88b9tWX79y3hOAOuYnTxBVttrXXlGs4U+iiheynwhGYUrx+vpPyMY1mm GyZEln8RiTOZhpMOzcYAsHvG4pUjHFs7sSPBOjA3sMTVC7/6EH5AHzsPgLyIXUHZ 00XoQgsWs4LNQ4NyfekChtotX8VeIJR2KZRNlVU++sTpkGdkYx03LMnFC201th0K A+1VH1lE6ii6mfVCH6impeN0P1GFMLHn+bqVREvPgEnMT9lIS0xBak7gvnDOd0dN qDg299ebMIvnMMDsi483 =0XWS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org