The problem is my signed cert needs to be chained to the CA. -----Original Message----- From: Michael Holstein [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 1:00 PM To: Tomcat Users List Subject: Re: SSL Certs
> Thanks. Works like a charm. One more question. How do I establish the > chain to the CA? Do I do it using keytool? Yes. Import the intermediates and root certificates into the same keystore. For the root CA you shouldn't use the -trustcacerts line. Use the same keystore file, just pick different aliases for the keys. Note: modern versions of Java include the most popular root CAs. If your key imported successfully with the -trustcacerts line, then it found and validated it. Otherwise, you'd have gotten an error about "failed to establish certificate chain" or some-such. ~Mike. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
