[snip]Hi,
I'm trying to setup Tomcat as a standalone web server with SSL client and server authentication, and I'm generally following the procedure at:
Beyond that, is my assumption that the "openssl pkcs12" should have caused the CA cert to be included in the keystore correct? Or, is there something else that I need to do to explicitly import the CA cert into the keystore?
Use the truststoreFile instead, which should contain only those CA certificates you would like your clients to have certificates issued by.
keystore is for authenticating the server, not the clients, and it probably doesn't even need the CA certificate in question inside.
--
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <[EMAIL PROTECTED]> http://mark.foster.cc/
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
