On 9/11/13 5:22 AM, Christopher Schultz wrote:
> Okay, great: you have a chain of certificates and could, with a bit of
> effort, convert that into a Java keystore or a PEM-encoded file for
> use with OpenSSL (and httpd, tcnative, etc.).
> Without the private key, though, you aren't going to get very far. Go
> back to the client and tell them that you need that, too.
FINALLY!
(And this is why we discourage our customers from building their own
keystores: there's enough chance of screwing it up if I do it, and I've
done it a few times; unless the customer has a Tomcat expert on staff,
they're going to be as lost as I was the first time.)
We got the customer to send us the originating keystore (on the second
try!), and the non-default password for it, and I managed to marry it to
the signed certificate in the P7B file, and get it installed (screwing
up the syntax of server.xml, the first time I tried to adjust it from
our choice of keystore name and alias to their choices and their
non-default password), and finally managed to get it to come up.
Thanks, Mr. Schultz, et al. You were more helpful than you might realize.
--
James H. H. Lampert
Touchtone Corporation