On Thu, Oct 04, 2012 at 11:49:45AM -0700, James Lampert wrote: > We have a customer (who shall remain nameless), who had previously > ignored our instructions and used IBM DCM instead of Keytool to produce > a keystore, and had it signed, all the while blissfully ignorant of the > fact that none of it would be the least bit compatible with Tomcat. > > I just got an email from that customer, with this puzzling phrase: > > > Had to split it up into a .key and .crt file. This is the output. > > which was followed by the output from a keytool -printcert on the .crt file. > > The -printcert output looks sensible, with 9 "ObjectID" items in it. But > what do I make of their comment about having to "split it up"?
My guess would be that they exported the private key and the corresponding public key certificate into separate files, but someone is thinking of all that as a single object for some reason. I have no idea what DCM is or does. Maybe it works with PKCS #12 files, which can carry both parts in a single container. Unless keytool has changed since the last time I fought with it, there is no way to tell it to ingest a private key. But the KeyStore class it manipulates seems to have the necessary methods, so you should be able to write something to do that. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart.
pgpsj9A6LWcQ8.pgp
Description: PGP signature
