Hi All,
I didn't add the attachment to the previous email so here it is.
Regards
Melanie
From: Melanie Snayer
Sent: 23 March 2012 06:05 PM
To: 'users@tomcat.apache.org'
Subject: configuring SSL for Tomcat with .pfx
Hi everyone,
I have been tasked with configuring SSL for Tomcat. I am new to Tomcat
configuration so I have been through the docs and consulted many different
articles in an attempt to figure out how all of this works.
I have been given the following (attached):
* Thawte Primary Root CA.cer
* Thawte SSL CA.cer
* remedy.optinet.net_cert.pfx
My plan was to import the root cert then the intermediate cert then the .pfx by
doing the following:
* keytool -import -keystore tomcat.keystore2 -storepass password
-storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
* keytool -import -keystore tomcat.keystore2 -storepass password
-storetype PKCS12 -file c:\Thawte SSL CA.cer
* keytool -importkeystore -deststorepass password -destkeystore
c:\tomcat.keystore2 -srckeystore c:\remedy.optinet.net_cert.pfx -srcstoretype
PKCS12 -srcstorepass password
But got the following error when I started with the root cert:
D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore
tomcat.keystore2 -storepass password -file "c:\Thawte Primary Root CA.cer"
keytool error: java.lang.Exception: Input not an X.509 certificate
Then I imported the certificates into certmgr and exported them to X.509 and
tried again .... got the following:
D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.key
store2 -storepass password -storetype PKCS12 -file "Thawte Primary Root CA_x.cer
"
Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use
only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized us
e only", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 344ed55720d5edec49f42fce37db2b6d
Valid from: Fri Nov 17 02:00:00 CAT 2006 until: Thu Jul 17 01:59:59 CAT 2036
Certificate fingerprints:
MD5: 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
SHA1: 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
0010: EB 57 48 50 .WHP
]
]
Trust this certificate? [no]: yes
keytool error: java.security.KeyStoreException: TrustedCertEntry not supported
I am struggling to get to grips with all of the components like the "alias",
"key", "algorithm", "keystore", "certificate", etc ... and the different types
of keystores ; different types of certificates and so many other things.
If you could assist me I would appreciate it greatly.
Regards
Melanie Snayer
BMC Remedy Product Consultant
______________________________________________________________
Blue Turtle Technologies
Tel : +27 (0) 87 721 1874/5/6 | Fax: +27 (0)21 552 7764 | Cell: +27
(0)82 568 6205
email: melan...@blueturtle.co.za<mailto:melan...@blueturtle.co.za> | web:
www.blueturtle.co.za<http://www.blueturtle.co.za>
Imagination was given to us to compensate for what we are not; a sense of humor
was given to us to console us for what we are.
- Mark McGinnis
________________________________
Blue Turtle Technologies (Pty) Limited | Reg. no.: 2003/002610/07 |
http://www.blueturtle.co.za
Gauteng : Tel: +27 (0)11 206 5600 | Fax: +27 (0)11 206 5606 | Midridge Office
Estate, International Business Gateway, cnr New Road & Sixth Street, Midrand,
1685 | P O Box 31331, Kyalami, 1684
Western Cape: Tel: +27 (0)87 721 1874 | Fax: +27 (0)21 552 7764 | Unit E6,
Century Square, Heron Crescent, Century City, Cape Town, 7446
DISCLAIMER: This email and any files transmitted with it are confidential and
are intended solely for the use of the individual or entity to whom they are
addressed. This communication represents the originator's personal views and
opinions, which do not necessarily reflect those of Blue Turtle Technologies
(Pty) Ltd. If you are not the original recipient or the person responsible for
delivering the email to the intended recipient, be advised that you have
received this email in error, and that any use, dissemination, forwarding,
printing, or copying of this email is strictly prohibited. If you received this
email in error, please immediately notify the sender. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
