Sorry for the dumb questions, I am new to SSL, and want to understand what I am doing, not just run these instructions, and it should work.
On Fri, Apr 4, 2014 at 5:00 PM, Mark Murphy <jmarkmur...@gmail.com> wrote: > So let me try to understand what is going on here. I generate a keystore > using keytool, that contains a key. At this point it is equal to a self > signed certificate, and it works, but the browser complains that there is > no CA. I then need to create a certificate request ad send that off to > goDaddy. What is this? a public key that matches up with the private key? > Then I have to import the certificates that goDaddy returns to me because > that validates the private key that is already in the keystore? > > > On Fri, Apr 4, 2014 at 4:46 PM, Mark Thomas <ma...@apache.org> wrote: > >> On 04/04/2014 21:42, Mark Murphy wrote: >> > I saw something on StackOverflow that said the key type in the keystore >> > needs to be PrivateKeyEntry and not trustedCertEntry. Is this true? >> When I >> > look at my keystore, it is trustedCertEntry for all the certs. >> > >> > But when I look at the type for the self signed certificate (which >> works), >> > it shows keyEntry. >> > >> > Does, or should this matter? and if so, how do I change the type? >> >> Yes, this matters a lot. >> >> You must import the cert you receive from the CA into the same keystore >> you used to generate the CSR since that is where the private key is and >> the server has to have access to the private key. >> >> Mark >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
