I'm running Tomcat 8.5.23 on an AWS Ubuntu Linux 16.04 LTS installation. I'm trying to follow the instructions at https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html to get HTTPS running under tomcat. My site runs with a self-signed certificate. Now I'm trying to install a proper certificate from https://gethttpsforfree.com/ . After the rather lengthy process to generate the "Signed Certificate" and "Intermediate Certificate" it appears I'm ready to follow the instructions under the heading "Importing the Certificate". My first question is whether there is a difference between the certificates mentioned in

- "import a so called Chain Certificate or Root Certificate into your keystore"


- "After that you can proceed with importing your Certificate."

I was able to execute the command:

keytool -import -alias root -keystore <your_keystore_filename>
    -trustcacerts -file <filename_of_the_chain_certificate>

using a single file that has the "Signed Certificate" and "Intermediate Certificate" from gethttpsforfree. But then I get an error from the next command

~$ keytool -import -alias tomcat -keystore .keystore -file chained.pem
Enter keystore password:
keytool error: java.lang.Exception: Certificate reply does not contain public key for <tomcat>

When I run

~$ keytool -list -v

I see (in part)

Alias name: tomcat
Creation date: Oct 9, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=Adam Pease

I'm very new to certificates. Could someone point me in the right direction?

all the best,

Adam Pease
@apease_ontology on Twitter

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to