Mark,
On 4.4.2014 23:00, Mark Murphy wrote:
So let me try to understand what is going on here. I generate a keystore
using keytool, that contains a key. At this point it is equal to a self
signed certificate, and it works, but the browser complains that there is
no CA.
(Standard on this list is to answer below the quote.)
By using keytool -genkeypair you generate keypair -- a private key and a
public key. Public key is stored inside self signed certificate. Both of
them (private key and public key inside certificate) are stored in the
keystore that may be in various formats.
I then need to create a certificate request ad send that off to
goDaddy. What is this? a public key that matches up with the private key?
It is a public key, plus information identifying server (or individual)
packed in one message that CAs understand.
Then I have to import the certificates that goDaddy returns to me because
that validates the private key that is already in the keystore?
First of all, you must use the same keystore you used to generate
keypair. Then, you will most probably need to import root and
intermediate certificates first to your keystore. Then, you need to
import server certificate, using the same keystre and the same alias you
used to generate keypair in the first place. If you do everything right,
that final call to "keytool -importcert" will replace self signed
certificate from your keystore with a new certificate chain.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
