On Mon, Sep 8, 2014 at 9:57 PM, Siva K Chittamuru <cskal...@gmail.com>
wrote:
> Hello,
>
> I am using Apache tomcat version 7
Which version specifically?
> and trying to configure SSL. Here is what I did so far.
>
> 1. Generated CSR using OpenSSL and purchased certificate from geotrust.
>
> 2. Imported the cert from Geotrust to the PEM keystore.
>
> 3. Converted keystore to PKCS 12.
>
> 4. Configured SSL connector in server.xml and pointed the keystore to PKCS
> 12 I have created.
>
Which connector? BIO, NIO, APR? A configuration snippet, minus sensitive
information would be helpful.
>
> Issue: There is another application that provides SSL certificate which I
> need to add to signers section of tomcat PKCS 12 file. I need some help
> with adding the cert to signers section.
>
> I tried adding the cert using IBM iKeyman, it appears that tomcat does not
> like the PKCS12 file modified using iKeyman.
>
> Any suggestions or help is appreciated.
>
Not familiar with that tool, but I would suggest trying to use either
Java's keytool or OpenSSL to verify that the PKCS12 file is still valid.
Depending on the connector you've configured, Tomcat will either use the
JVM or OpenSSL to access the key store. Making sure that your key store
can read them using standard tools is a good troubleshooting step.
Ex:
keytool -list -keystore {path to keystore.pfx} -storetype PKCS12 -v
Dan
