
To whom it may concern,

On 11/25/14 3:32 AM, Kernel freak wrote:
> I don't have the server.key and server.crt. I have root access to
> server, I can generate my own if necessary. I only have .crt and
> .ca-bundle file. Can you tell me what to do. Thank you very much
> for your help.

If you don't have the server's key but you have the server's
certificate, then you must start all over again because the key is
half of a paired key.

Did you generate the CSR yourself? With what key did you generate that
CSR? If someone else generated the CSR, go ask them where the key is
that they used.

If you have lost the key then you must redo the whole process,
starting with generating a new key and CSR, then get the CSR signed.
Then, import the signed certificate back into the same keystore. Then,
configure Tomcat to use that keystore.

The instructions on the Tomcat users' guide are fairly straightforward
even if they don't explain the intricacies of public key
infrastructure -- that's outside the scope of the users' guide.

Thanks,
-chris

> On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> 
> Niranjan,
> 
> On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote:
>>>> I think you have to create a keystore from the cert; please
>>>> follow these instructions and let me know.
>>>>
>>>> Create store with temporary key inside:
>>>>
>>>> keytool -genkey -alias <alias name> -keystore yourkeystore.jks -storepass Hello1
>>>>
>>>> Then delete existing entry:
>>>>
>>>> keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1
>>>>
>>>> Now you've got empty store. You can check that it's empty:
>>>>
>>>> keytool -list -keystore yourkeystore.jks -storepass Hello1
>>>>
>>>> Then import your certificate to the store:
>>>>
>>>> keytool -import -alias <alias name> -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1
> 
> Nope: the existing key *and* cert need to be imported
> simultaneously into the keystore. If the OP already has a cert,
> he's already got a key, too.
> 
> The problem is that you probably started with OpenSSL to generate
> your keys and stuff. Here is the proper procedure to import your
> key, certificate, and CA bundle into a Java keystore.
> 
> You'll need these files:
> 
> server.key (this is your server's secret key)
> server.crt (this is your server's certificate, signed by the CA)
> ca.crt (this is your CA's certificate)
> 
> Here is the incantation:
> 
> $ openssl pkcs12 -export -in server.crt -inkey server.key \
>     -certfile ca.crt -out keystore.p12 -chain
>
> $ $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 \
>     -srcstoretype pkcs12 \
>     -destkeystore keystore.jks
> 
> Now, use keystore.jks in Tomcat's server.xml.
> 
> If you already had created your key and cert request using Java's 
> 'keytool', then you can instead just import the signed certificate 
> into your keystore:
> 
> $ $JAVA_HOME/bin/keytool -importcert -file server.crt \
>     -keystore keystore.jks \
>     -alias [alias]
> 
> If you used an alias to create the certificate signing request
> (CSR), then use the same alias in the above command.
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
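
The thread turns on whether the key on hand is the other half of the certificate. The script below is an added example, not part of the original messages: it compares the public key inside the certificate with the one derived from the private key, and only then runs the PKCS#12 export quoted above. The function names, the sample file names and the `P12_PASS` environment variable are assumptions, and the sample key and self-signed certificate are constructed on the fly.

```shell
#!/bin/sh
# Added example: confirm a private key pairs with a certificate before
# bundling both for Tomcat. Assumes unencrypted PEM files and the openssl CLI.

# Returns 0 if key ($1) matches cert ($2), 1 if not, 2 if either is unreadable.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Build a PKCS#12 bundle ($3) from key ($1) and cert ($2) only if they pair.
# The export password is read from the P12_PASS environment variable so it
# does not appear on the command line. The thread's -certfile ca.crt -chain
# options are left out here because the sample certificate is self-signed.
build_p12() {
    key_matches_cert "$1" "$2" || {
        echo "refusing to export: key does not match certificate" >&2
        return 1
    }
    openssl pkcs12 -export -in "$2" -inkey "$1" -out "$3" -passout env:P12_PASS
}

# Constructed sample data: a key with its self-signed cert, plus an unrelated key.
make_sample_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=tomcat.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) && make_sample_files "$tmp" || return 1
    for k in server.key other.key; do
        if key_matches_cert "$tmp/$k" "$tmp/server.crt"; then
            echo "$k: matches server.crt"
        else
            echo "$k: does NOT match server.crt"
        fi
    done
    rm -rf "$tmp"
}

demo
```

A mismatch here means no import procedure can make the certificate usable with that key, which is the "start all over again" case described in the reply.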
