----- Original Message -----
> Hi Daniel
>
> Thanks so much for replying.
>
> So you mentioned that I ought to import the existing PKCS12
> (remedy.optinet.net_cert.pfx) keystore into a Java Keystore
> (remedy.optinet.net_cert.jks) using the following command:
>
> keytool -importkeystore -srckeystore remedy.optinet.net_cert.pfx
> -srcstoretype pkcs12 -srcstorepass password -destkeystore
> remedy.optinet.net_cert.jks -deststoretype jks -deststorepass
> password
>
> ...and then to import the root and intermediate certificates into the
> Java Keystore (remedy.optinet.net_cert.jks). Would I use the
> following commands or are these incorrect?

Two things: you just don't need the "-storetype" option (you're using JKS, which
is the default), and you should probably specify an alias option.

keytool -import -keystore remedy.optinet.net_cert.jks -storepass password -alias root -file "c:\Thawte Primary Root CA.cer"
keytool -import -keystore remedy.optinet.net_cert.jks -storepass password -alias intermediate -file "c:\Thawte SSL CA.cer"

Dan

 
>
> keytool -import -keystore remedy.optinet.net_cert.jks -storepass
> password -storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
>
> keytool -import -keystore remedy.optinet.net_cert.jks -storepass
> password -storetype PKCS12 -file "c:\Thawte SSL CA.cer"
>
> Thanks & Regards
>
> Melanie
>
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmik...@vmware.com]
> Sent: 23 March 2012 07:21 PM
> To: Tomcat Users List
> Subject: Re: configuring SSL for Tomcat with .pfx
>
> ----- Original Message -----
> > Hi everyone,
> >
> > I have been tasked with configuring SSL for Tomcat. I am new to Tomcat
> > configuration so I have been through the docs and consulted many
> > different articles in an attempt to figure out how all of this works.
> >
> > I have been given the following (attached):
> >
> > *         Thawte Primary Root CA.cer
> > *         Thawte SSL CA.cer
> > *         remedy.optinet.net_cert.pfx
> >
> > My plan was to import the root cert then the intermediate cert then
> > the .pfx by doing the following:
> >
> > *         keytool -import -keystore tomcat.keystore2 -storepass
> > password -storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
> > *         keytool -import -keystore tomcat.keystore2 -storepass
> > password -storetype PKCS12 -file c:\Thawte SSL CA.cer
> > *         keytool -importkeystore -deststorepass password
> > -destkeystore c:\tomcat.keystore2 -srckeystore
> > c:\remedy.optinet.net_cert.pfx -srcstoretype PKCS12 -srcstorepass
> > password
> >
>
> What if you try this...
>
> 1.) Import your existing PKCS12 keystore into a Java Keystore.
>
> keytool -importkeystore -srckeystore remedy.optinet.net_cert.pfx
> -srcstoretype pkcs12 -srcstorepass password -destkeystore
> remedy.optinet.net_cert.jks -deststoretype jks -deststorepass
> password
>
> 2.) Then import your root and intermediate certificates into the
> remedy.optinet.net_cert.jks.
>
> Alternatively, you might try a GUI utility like Keystore Explorer.
>
> http://www.lazgosoftware.com/kse/index.html
>
> Dan
>
> > But got the following error when I started with the root cert:
> >
> > D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.keystore2 -storepass password -file "c:\Thawte Primary Root CA.cer"
> > keytool error: java.lang.Exception: Input not an X.509 certificate
> >
> > Then I imported the certificates into certmgr and exported them to
> > X.509 and tried again .... got the following:
> >
> > D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.keystore2 -storepass password -storetype PKCS12 -file "Thawte Primary Root CA_x.cer "
> > Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
> > Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
> > Serial number: 344ed55720d5edec49f42fce37db2b6d
> > Valid from: Fri Nov 17 02:00:00 CAT 2006 until: Thu Jul 17 01:59:59 CAT 2036
> > Certificate fingerprints:
> >          MD5:  8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
> >          SHA1: 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
> >          Signature algorithm name: SHA1withRSA
> >          Version: 3
> >
> > Extensions:
> >
> > #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
> >   Key_CertSign
> >   Crl_Sign
> > ]
> >
> > #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[
> >   CA:true
> >   PathLen:2147483647
> > ]
> >
> > #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: 7B 5B 45 CF AF CE CB 7A   FD 31 92 1A 6A B6 F3 46  .[E....z.1..j..F
> > 0010: EB 57 48 50                                        .WHP
> > ]
> > ]
> >
> > Trust this certificate? [no]:  yes
> > keytool error: java.security.KeyStoreException: TrustedCertEntry not supported
> >
> > I am struggling to get to grips with all of the components like the
> > "alias", "key", "algorithm", "keystore", "certificate", etc ... and
> > the different types of keystores; different types of certificates and
> > so many other things.
> >
> > If you could assist me I would appreciate it greatly.
> >
> > Regards
> > Melanie Snayer
> > BMC Remedy Product Consultant
> > ______________________________________________________________
> > Blue Turtle Technologies
> > Tel :     +27 (0) 87 721 1874/5/6   |   Fax:  +27 (0)21 552 7764  |  Cell:  +27 (0)82 568 6205
> > email: melan...@blueturtle.co.za   |   web: www.blueturtle.co.za
> >
> > Imagination was given to us to compensate for what we are not; a sense
> > of humor was given to us to console us for what we are.
> > - Mark McGinnis
> >
> > ________________________________
> > Blue Turtle Technologies (Pty) Limited | Reg. no.: 2003/002610/07 |
> > http://www.blueturtle.co.za
> > Gauteng : Tel: +27 (0)11 206 5600 | Fax: +27 (0)11 206 5606 |
> > Midridge Office Estate, International Business Gateway, cnr New Road
> > & Sixth Street, Midrand, 1685 | P O Box 31331, Kyalami, 1684
> > Western Cape: Tel: +27 (0)87 721 1874 | Fax: +27 (0)21 552 7764 |
> > Unit E6, Century Square, Heron Crescent, Century City, Cape Town,
> > 7446
> >
> > DISCLAIMER: This email and any files transmitted with it are
> > confidential and are intended solely for the use of the individual
> > or entity to whom they are addressed. This communication represents
> > the originator's personal views and opinions, which do not
> > necessarily reflect those of Blue Turtle Technologies (Pty) Ltd. If
> > you are not the original recipient or the person responsible for
> > delivering the email to the intended recipient, be advised that you
> > have received this email in error, and that any use, dissemination,
> > forwarding, printing, or copying of this email is strictly
> > prohibited. If you received this email in error, please immediately
> > notify the sender. Thank you.
> >
> 
> 
> 
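The two steps discussed in this thread (PKCS12 to JKS, then the CA certificate under its own alias), run end to end and followed by a check that the resulting keystore holds one private-key entry and one trusted-certificate entry. This is an added example, not part of the original messages; the file names, the `server` and `ca` aliases, the `changeit` password and the self-signed stand-in certificates are constructed, and it assumes `keytool` is on the PATH.

```shell
#!/bin/sh
# Added example: file names, aliases and the password are constructed placeholders.
PASS=changeit

# Build stand-ins for the .pfx and the root .cer (self-signed test material).
make_material() {
  dir=$1
  keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 1 \
    -dname "CN=server.example.test" -storetype PKCS12 \
    -keystore "$dir/server.pfx" -storepass "$PASS" >/dev/null 2>&1 &&
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 1 \
    -dname "CN=Constructed Root CA" -storetype PKCS12 \
    -keystore "$dir/ca.p12" -storepass "$PASS" >/dev/null 2>&1 &&
  keytool -exportcert -alias ca -keystore "$dir/ca.p12" -storepass "$PASS" \
    -rfc -file "$dir/Constructed Root CA.cer" >/dev/null 2>&1
}

# Step 1: PKCS12 -> JKS. Step 2: add the CA certificate under its own alias.
build_jks() {
  dir=$1
  keytool -importkeystore -noprompt \
    -srckeystore "$dir/server.pfx" -srcstoretype pkcs12 -srcstorepass "$PASS" \
    -destkeystore "$dir/server.jks" -deststoretype jks -deststorepass "$PASS" \
    >/dev/null 2>&1 &&
  keytool -import -noprompt -keystore "$dir/server.jks" -storepass "$PASS" \
    -alias root -file "$dir/Constructed Root CA.cer" >/dev/null 2>&1
}

# Count keystore entries of one type (PrivateKeyEntry or trustedCertEntry).
count_entries() {
  keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null | grep -c "$2"
}

# Run both steps in a scratch directory and print "<key entries> <CA entries>".
demo() {
  dir=$(mktemp -d) || return 1
  make_material "$dir" && build_jks "$dir" || { rm -rf "$dir"; return 1; }
  keys=$(count_entries "$dir/server.jks" PrivateKeyEntry)
  cas=$(count_entries "$dir/server.jks" trustedCertEntry)
  rm -rf "$dir"
  echo "$keys $cas"
}

if command -v keytool >/dev/null 2>&1; then demo; fi
```

A keystore that lists only `trustedCertEntry` lines has no private key, so the `PrivateKeyEntry` count is the one to check before pointing a connector at the file.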

