Andy Tipton wrote: > I have read all through the documentation and can't find what I am doing > wrong. The only thing that I didn't do was the importing of the > valicert_class2_root.crt file because I wasn't given one when I downloaded > my certificate. I imported the real one after I imported the intermediate > crt.
Did you get any error during this step ie., importing intermediate crt after root? > So now I have this: > > C:\Program Files\Java\jdk1.5.0_05\bin>keytool -list -keystore .keystore > Enter keystore password: changeit > > Keystore type: jks > Keystore provider: SUN > > Your keystore contains 2 entries > > tomcat5, Nov 13, 2006, trustedCertEntry, > Certificate fingerprint (MD5): > 73:EA:94:A1:38:C8:9A:5D:65:44:7C:C7:65:A7:01:5F > intermed, Nov 13, 2006, trustedCertEntry, > Certificate fingerprint (MD5): > 7A:A5:BA:4F:BC:0A:C5:3C:56:E9:50:A0:13:6A:88:A9 > > C:\Program Files\Java\jdk1.5.0_05\bin> > > Could it have to do with the alias? I am can't figure out what it could > be. I am not sure of whether this could be the problem with alias. > I just get a 'page cannot be displayed' when trying to access it. I have > been reading, but can't find anywhere that really explains who the > keystore and certificate relate to each other. if the alias matters. > > I really need some help here. Below are the steps i did in one of my Linux box(must work in windows too). First i generated tomcat.key & CSR with: $ keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.key $ keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.key Got the certs from our CA(Files sf_issuing.crt & _mydomain.crt). Copied the CA's intermediate cert to valicert_class2_root.crt First import the CA's intermediate certificate to root, like this: $ keytool -import -alias root -keystore tomcat.key -trustcacerts -file valicert_class2_root.crt Then import issuing cert to intermed: $ keytool -import -alias intermed -keystore tomcat.key -trustcacerts -file sf_issuing.crt Last is to import your domain's cert to tomcat alias: $ keytool -import -alias tomcat -keystore tomcat.key -trustcacerts -file _mydomain.crt The above steps worked perfectly for me. I had to just point the correct key file in server.xml and https started working. Let me know if that helped you out. Regds, SK --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
