When you create a keystore, you get prompted with information regarding your server. This is your server certificate, and it identifies your server to other users.
You would have created a certificate sign request that you sent to your CA to get your certificate signed. You sign your certificate so that others that trust your CA know that they can trust you. When you have a signed certificate, you need to import the CA certificate into your keystore to enable a trust chain. Once you have imported the CA certificate, you then need to import your signed certificate into your keystore (ensure you use the same alias as when you created your certificate). Your keystore should list this certificate as the 'keyEntry' when you list your keystore, and this will be the certificate presented to users when they access your server using SSL.

Do not forget to enable Tomcat to use SSL in the server.xml file.

It may be a good idea for you to do internal testing using self-signed certificates to understand them before getting them signed by a CA.

Regards,
Andrew Friebel

-----Original Message-----
From: Andy Tipton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 14 November 2006 11:42 AM
To: 'Tomcat Users List'
Subject: Need help w/ installing certificate.

Afternoon,

I have my real certificate downloaded. I am trying to install it into my keystore so that it is the one to be used. However, I can't get it to work. Please help!!

I am running these commands but I cannot get the keystore to look at the new certificate.

C:\Program Files\Java\jdk1.5.0_05\bin>keytool -import -alias intermed -keystore .keystore -trustcacerts -file sf_issuing.crt

C:\Program Files\Java\jdk1.5.0_05\bin>keytool -import -alias tomcat5 -keystore .keystore -trustcacerts -file www.anythingphotos.com.crt

I have tried creating a new '.keystore', but no luck. Could someone please help!! I am running out of ideas.
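
The alias check described in the reply at the top of this thread, as an added example that is not part of the original messages: it reads the text printed by `keytool -list` and reports whether the alias used for the signed certificate is the key entry or only a trusted certificate. The sample listing is constructed; the key alias `tomcat`, the dates and the helper names are assumptions, and the line format assumed is keytool's short listing ("alias, date, type,").

```python
import re

# One summary line of `keytool -list` output: "alias, date, entryType,".
# JDK 1.5 prints keyEntry; later JDKs print PrivateKeyEntry.
ENTRY_RE = re.compile(
    r"^(?P<alias>.+?), (?P<date>.+), "
    r"(?P<kind>keyEntry|PrivateKeyEntry|trustedCertEntry),$"
)
KEY_KINDS = {"keyEntry", "PrivateKeyEntry"}

def parse_entries(listing):
    """Map each alias in a `keytool -list` listing to its entry type."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias")] = m.group("kind")
    return entries

def check_import(listing, cert_alias):
    """Classify the alias the signed certificate was imported under.

    Returns (status, key_aliases): "ok" if cert_alias is a key entry,
    "alias-mismatch" if it is only a trusted certificate (no private key),
    "alias-missing" if the alias is not in the keystore at all.
    """
    entries = parse_entries(listing)
    key_aliases = sorted(a for a, k in entries.items() if k in KEY_KINDS)
    kind = entries.get(cert_alias)
    if kind in KEY_KINDS:
        return "ok", key_aliases
    if kind == "trustedCertEntry":
        return "alias-mismatch", key_aliases
    return "alias-missing", key_aliases

# Constructed sample (not output from the thread): the key pair was
# generated under "tomcat", the signed certificate imported as "tomcat5".
SAMPLE = """\
Your keystore contains 3 entries

intermed, Nov 14, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (omitted)
tomcat, Nov 10, 2006, keyEntry,
Certificate fingerprint (MD5): (omitted)
tomcat5, Nov 14, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (omitted)
"""

if __name__ == "__main__":
    print(check_import(SAMPLE, "tomcat5"))
```

An "alias-mismatch" result means the certificate was stored beside the private key rather than attached to it, so the server would still present the certificate held under the key alias returned in the second element.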