Hi Roland,

As far as I understand tomcat/ssl/openssl and java's keystore, you need to
do the following:
1. Generate a private key/self-signed certificate pair in a keystore file
   (mykeys.jks for example) and give it an alias ("tomcat" for example)
2. Export a certificate signing request (CSR) for your key
   (pleasesignit.csr for example)
3. Get someone friendly (Rich CA Ltd. for example) to digitally sign your
   CSR, and give you back a certificate reply (cert-reply.crt for example)
4. Import the certificate reply into your keystore file using the alias you
   chose ("mykey")

Now you should have a private key with a public key that has been signed by
Rich CA Ltd.
Now just use your keystore with tomcat and be sure to include your keystore
password in your server.conf file and you should be able to accept SSL
connections with tomcat.

The only problem is, every single client that attempts an SSL connection to
your tomcat needs to have Rich CA Ltd. pre-defined as a certificate
authority in order for the connection to proceed.

Companies like Thawte and Verisign are already pre-defined as certificate
authorities on most web browsers, so if you pay them to sign your CSR you
should be fine.

Hope this helps!
-Mike
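
The four steps above run end to end, as an added example that is not part of the original message. Assumptions: a throwaway OpenSSL CA stands in for "Rich CA Ltd.", the password `changeit`, the alias `richca` and the function names are constructed for illustration, and the alias "tomcat" is used in every step.

```shell
#!/bin/sh
# Added example: keystore -> CSR -> CA signature -> import of the reply.
PASS=changeit   # constructed sample password, replace in real use

# Usage: build_signed_keystore <empty-working-directory>
build_signed_keystore() (
    cd "$1" || exit 1

    # Stand-in CA. A real CA keeps ca.key; you only ever receive ca.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Rich CA Ltd. (demo)/CN=Demo Root" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 1. Private key plus self-signed certificate under the alias "tomcat".
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=localhost" -keystore mykeys.jks \
        -storepass "$PASS" -keypass "$PASS" 2>/dev/null || exit 1

    # 2. CSR for that key. The private key never leaves the keystore.
    keytool -certreq -alias tomcat -file pleasesignit.csr \
        -keystore mykeys.jks -storepass "$PASS" 2>/dev/null || exit 1

    # 3. The CA signs the CSR and hands back the certificate reply.
    openssl x509 -req -in pleasesignit.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -out cert-reply.crt 2>/dev/null || exit 1

    # 4a. Import the CA certificate first so keytool can build the chain.
    keytool -importcert -noprompt -trustcacerts -alias richca -file ca.crt \
        -keystore mykeys.jks -storepass "$PASS" 2>/dev/null || exit 1

    # 4b. Import the reply under the alias that already holds the private key.
    keytool -importcert -noprompt -alias tomcat -file cert-reply.crt \
        -keystore mykeys.jks -storepass "$PASS" -keypass "$PASS" \
        2>/dev/null || exit 1
)

# Prints the entry type of an alias: PrivateKeyEntry or trustedCertEntry.
# Usage: entry_type <keystore-file> <alias>
entry_type() {
    keytool -J-Duser.language=en -list -v -alias "$2" \
        -keystore "$1" -storepass "$PASS" 2>/dev/null |
        sed -n 's/^Entry type: //p'
}
```

If the reply is imported under an alias that holds no private key, keytool stores it as a `trustedCertEntry`, which Tomcat cannot use as its server identity; `entry_type mykeys.jks tomcat` should print `PrivateKeyEntry`.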


----- Original Message -----
From: "Roland" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Monday, January 14, 2002 8:04 AM
Subject: Help importing SSL certificates


> Hello,
> I'm trying to use SSL with Tomcat. Everything is fine if I use a
> certificate generated with keytool. But, if I try to import a certificate
> generated with OpenSSL, it doesn't work. What happens is that I can import
> the certificate and it will not complain. But when I try to connect to
> Tomcat with the browser it will give an error like 'unknown encryption
> algorithm'.
> Can anyone help here?
> Roland