Re: Verisign Certificate Still Giving Me Troubles:

Sat, 03 Dec 2005 11:01:36 -0800 

Scott,
I don't remember reading your previous thread, so I may be off-base but, .......... <famous last words> 


To state the obvious, you just need to replace in config whichever 
self-signed cert file you generated with your new Verisign cert file.



Ignoring for a second the certificate install process in Tomcat, could 
your problem be as simple as;



You initially got everything working and configured with your generic 
(self-signed) cert. and presumably server.key.



However, upon submitting your .csr to Verisign, you appear to have 
generated a new key. So have you remembered to also replace in config 
the new server.key to match the provided cert.?



The .csr AFAIK is just that, a request, and is actually irrelevant once 
you have received the cert.



K


Scott Purcell wrote:



Hello,

A few people helped me out last week, to get simple SSL running. IN particular 
Dhaval, Remy and Nate. Anyway, I have followed the directions from here: 
http://www.fatofthelan.com/articles/articles.php?pid=12 section 3 and all works 
well.

So that means my tomcat is all configured and happy.

But this was a "generic" certificate. I gave Verisign a certreq.csr file and 
they gave me a certificate last week and it was called cert.cer.

I cannot for the life of me figure out how to get the certreq.csr working?

I have been following these steps here:
Based upon my knowledge,to incorporate Verisign certificate, steps are as 
follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private key. 
Make sure you feel
the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase 
from the private key.
Also delete generated .rnd file)

(3) Here there are two (either or) possibilities: 



But honestly do not know where to substitute my "certreq.csr" that verisign 
gave me in this equation.

Regards



 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to