On 5/17/18 11:33 AM, Laurie Miller-Cook wrote:
> I am very new to Tomcat so please bear with me.
> I currently have a Thawte certificate that is installed within IIS
> for our domain that is all managed by Rackspace.
> I now have a new server set-up with Tomcat 8.5.11 installed and
> have created a keystore.
> I have been supplied by Rackspace the following text a
> Certificate, Private Key and CA Bundle.
You should start over. If Rackspace supplied the private key, then you
have no control over your own security. You should generate your own
private key on a server you control and trust.
> So my question is, with the three text files from Rackspace can I
> import these (in what order) into the Keystore to get SSL working
> with our Domain or do I need something totally different.
> Just as a sub-note we need to have the SSL certificate for the
> domain working on both IIS and Tomcat.
It is very difficult to import a private key into a Java keystore. You
usually have to go through a PKCS12 file, first, and OpenSSL is the
best tool IMO to manipulate those. JKS files are fortunately being
abandoned and PKCS12 files are directly-readable by Java, so it's a
one-step operation if you have OpenSSL handy:

  openssl pkcs12 -export -in server.crt -inkey server.key -certfile intermediate.crt -out keystore.p12 -chain

Now, you can configure your Tomcat to use keystore.p12 as the
keystore, and use whatever password you gave to OpenSSL when writing
the PKCS12 file.
I'd still highly recommend that you start over from scratch with
your own private key, though. Generate a key, certificate signing
request (CSR), and send the CSR to Thawte. Once they sign it, import
any intermediate certs into your keystore first (top-most first) then
your server's signed certificate into your keystore and use the result
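
Added example, not part of the original message: the workflow the reply recommends (generate your own key and CSR, then bundle the signed certificate into a PKCS12 keystore), with a key/certificate match check before bundling. The file names follow the command in the message; the host name, the password, the `P12_PASS` variable and the throwaway local CA standing in for Thawte are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example. File names follow the command in the message; the host name,
# password and throwaway CA are constructed for the demonstration.
set -euo pipefail

# Create the private key and CSR on your own server; only the CSR leaves it.
make_key_and_csr() {            # $1 = working dir, $2 = host name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  chmod 600 "$1/server.key"
}

# Stand-in for the real CA: a local throwaway CA signs the CSR.
sign_with_test_ca() {           # $1 = working dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/intermediate.crt" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/server.csr" -CA "$1/intermediate.crt" \
    -CAkey "$1/ca.key" -CAcreateserial -out "$1/server.crt" 2>/dev/null
}

# Succeeds only when the certificate and the private key share a public key.
key_matches_cert() {            # $1 = certificate, $2 = private key
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Bundle key, certificate and intermediate; the password comes from P12_PASS
# so it does not appear in the process list. -chain from the message is left
# out here because the throwaway CA is not in openssl's trust store.
build_p12() {                   # $1 = working dir
  key_matches_cert "$1/server.crt" "$1/server.key" || { echo "key/cert mismatch" >&2; return 1; }
  openssl pkcs12 -export -in "$1/server.crt" -inkey "$1/server.key" \
    -certfile "$1/intermediate.crt" -out "$1/keystore.p12" -passout env:P12_PASS
}

# Number of certificates stored in the PKCS12 file (server + intermediate = 2).
count_p12_certs() {             # $1 = PKCS12 file
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d)
export P12_PASS='constructed-demo-password'
make_key_and_csr "$work" www.example.test
sign_with_test_ca "$work"
build_p12 "$work"
echo "certificates in keystore.p12: $(count_p12_certs "$work/keystore.p12")"
```

With a real CA, replace `sign_with_test_ca` by sending `server.csr` to the CA and saving what it returns as `server.crt` and `intermediate.crt`.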