Glad to learn that your problem is solved :)

++Vamsi

On Thu, Mar 13, 2008 at 7:25 PM, Some user <[EMAIL PROTECTED]> wrote:

>
> Thanks Vamsi!
>
> The post you mention pointed me in the right direction and I have it up and
> running. Great! Wasted 3 days on this one. I needed to transform my
> certificate to PKCS12, I missed that.
>
> Here is how for further reference:
>
> Create a new keystore with the signed certificate, the key and the
> chainfile. The keystore needs to be PKCS12, the default JKS Java keystore is
> not accepted if you created the certificate with OpenSSL. The chainfile is a
> file with all the certificates from you to a trusted root authority.
>
> openssl pkcs12 -export -inkey mycert.key -in mycert.pem -out mycert.pkcs12 -chain -CAfile rootchain.pem
>
> We changed the storetype so from now on you'll always have to specify the
> storetype (PKCS12) as a parameter.
>
> keytool -v -list -keystore keystore.pkcs12 -storetype PKCS12
>
> Check the chain length, it has to be > 1 or you certainly don't have a valid
> path to the root authority.
>
> Add the right keystore to the Tomcat server.xml file. You don't need to
> specify a keyAlias as there is only one certificate in the keystore.
>
>
> Vamsavardhana Reddy-2 wrote:
> >
> > You should be able to create a PKCS12 keystore using OpenSSL with the
> > private key and the certificate you have. See if the following thread
> > helps.
> >
> > http://www.mail-archive.com/[EMAIL PROTECTED]/msg08816.html
> >
> > ++Vamsi
> >
> > On Wed, Mar 12, 2008 at 6:59 PM, Some user <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> Dear Tomcat wizards,
> >>
> >> I need a signed multi domain certificate for Tomcat (x.example.com,
> >> y.example.com, z.example.com). I do have a signed certificate but can't
> >> import this in the keystore with the keytool command as I generated the
> >> request with OpenSSL and now keytool complains that the keys don't match.
> >>
> >> Fine, so I need to generate a CSR request with keytool first. When I run
> >> the "keytool -genkey -alias..." command I get these questions where I
> >> need to enter my first and last name:
> >>
> >> What is your first and last name?
> >> [Unknown]: x.example.com
> >>
> >> This is where I enter my fully qualified server name for the certificate.
> >> Problem is I can't enter MULTIPLE DOMAINS. I need more subdomains here as
> >> my server listens to x.example.com, y.example.com and z.example.com. A
> >> wildcard certificate is not an option as the signing authority doesn't
> >> want to sign wildcard certificates.
> >>
> >> Does anyone know how to generate a multi domain request with keytool? I
> >> know how to do this with openssl but I need a keytool one...
> >>
> >> Thanks!
> >> --
> >> View this message in context:
> >> http://www.nabble.com/Multi-domain-certificate-with-keytool-tp16002309p16002309.html
> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
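
The keystore procedure quoted above, as an added example that is not part of the original thread: it creates a throwaway root CA and a certificate for the three host names, runs the same `openssl pkcs12 -export` command, and counts the certificates in the result to confirm the chain length is greater than 1. The CA, the `changeit` password, the config file contents and the function names are constructed for the demo; the file names follow the thread.

```shell
#!/bin/sh
# Added example: constructed CA, key material and password, for demonstration only.
set -eu
PASS=changeit   # constructed demo password

# Create a throwaway root CA, a key and a certificate covering three DNS names,
# then export key + certificate + chain as PKCS12 (the command from the thread).
build_keystore() (
    cd "$1"
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = v3_ca' '[dn]' 'CN = Constructed Test Root' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > ca.cnf
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'req_extensions = v3_req' '[dn]' 'CN = x.example.com' '[v3_req]' \
        'subjectAltName = DNS:x.example.com,DNS:y.example.com,DNS:z.example.com' > leaf.cnf
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
        -keyout root.key -out rootchain.pem 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config leaf.cnf \
        -keyout mycert.key -out mycert.csr 2>/dev/null
    # -extfile/-extensions copy the subjectAltName list into the signed certificate
    openssl x509 -req -in mycert.csr -CA rootchain.pem -CAkey root.key -CAcreateserial \
        -days 1 -extfile leaf.cnf -extensions v3_req -out mycert.pem 2>/dev/null
    openssl pkcs12 -export -inkey mycert.key -in mycert.pem -out mycert.pkcs12 \
        -chain -CAfile rootchain.pem -passout "pass:$PASS"
)

# Number of certificates stored in a PKCS12 file (leaf plus chain).
chain_length() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Number of DNS names in a PEM certificate's subjectAltName extension.
san_count() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*' | grep -c 'DNS:'
}

WORK=$(mktemp -d)
build_keystore "$WORK"
echo "certificates in keystore: $(chain_length "$WORK/mycert.pkcs12")"
echo "DNS names in certificate: $(san_count "$WORK/mycert.pem")"
```

Without `-chain -CAfile`, the export holds only the server certificate and the count is 1.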