----- Original Message -----
> Hi everyone,
>
> I have been tasked with configuring SSL for Tomcat. I am new to
> Tomcat configuration so I have been through the docs and consulted
> many different articles in an attempt to figure out how all of this
> works.
>
> I have been given the following (attached):
>
> * Thawte Primary Root CA.cer
>
> * Thawte SSL CA.cer
>
> * remedy.optinet.net_cert.pfx
>
> My plan was to import the root cert then the intermediate cert then
> the .pfx by doing the following:
>
> * keytool -import -keystore tomcat.keystore2 -storepass password -storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
>
> * keytool -import -keystore tomcat.keystore2 -storepass password -storetype PKCS12 -file c:\Thawte SSL CA.cer
>
> * keytool -importkeystore -deststorepass password -destkeystore c:\tomcat.keystore2 -srckeystore c:\remedy.optinet.net_cert.pfx -srcstoretype PKCS12 -srcstorepass password
>

What if you try this...

1.) Import your existing PKCS12 keystore into a Java Keystore.

keytool -importkeystore -srckeystore remedy.optinet.net_cert.pfx -srcstoretype pkcs12 -srcstorepass password -destkeystore remedy.optinet.net_cert.jks -deststoretype jks -deststorepass password

2.) Then import your root and intermediate certificates into the remedy.optinet.net_cert.jks.

Alternatively, you might try a GUI utility like Keystore Explorer.

http://www.lazgosoftware.com/kse/index.html

Dan

> But got the following error when I started with the root cert:
>
> D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.keystore2 -storepass password -file "c:\Thawte Primary Root CA.cer"
> keytool error: java.lang.Exception: Input not an X.509 certificate
>
>
> Then I imported the certificates into certmgr and exported them to
> X.509 and tried again .... got the following:
>
> D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.keystore2 -storepass password -storetype PKCS12 -file "Thawte Primary Root CA_x.cer"
> Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
> Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
> Serial number: 344ed55720d5edec49f42fce37db2b6d
> Valid from: Fri Nov 17 02:00:00 CAT 2006 until: Thu Jul 17 01:59:59 CAT 2036
> Certificate fingerprints:
>          MD5:  8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
>          SHA1: 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
>          Signature algorithm name: SHA1withRSA
>          Version: 3
>
> Extensions:
>
> #1: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> #2: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
>
> #3: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46  .[E....z.1..j..F
> 0010: EB 57 48 50                                        .WHP
> ]
> ]
>
> Trust this certificate? [no]:  yes
> keytool error: java.security.KeyStoreException: TrustedCertEntry not supported
>
> I am struggling to get to grips with all of the components like the
> "alias", "key", "algorithm", "keystore", "certificate", etc ... and
> the different types of keystores; different types of certificates
> and so many other things.
>
> If you could assist me I would appreciate it greatly.
>
> Regards
> Melanie Snayer
> BMC Remedy Product Consultant
> Blue Turtle Technologies
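
The two steps from the reply above, run end to end and then checked, as an added example that is not part of the original thread. The script builds constructed stand-ins for the inputs (`root.cer`, `site.pfx`) because the real files are not available; every file name, alias, DN and password in it is an assumption. It ends by confirming that the JKS holds one PrivateKeyEntry and one trustedCertEntry, the entry type that the PKCS12 store in the quoted JDK 1.6 session rejected.

```sh
#!/bin/sh
# Added example: every file name, alias, DN and password below is constructed.
PASS=password

# Run keytool quietly; show its output only when it fails.
kt() { out=$(keytool "$@" 2>&1) || { echo "$out" >&2; return 1; }; }

# Constructed stand-ins for the inputs in the thread: a self-signed CA
# certificate (root.cer) and a PKCS12 file holding a private key (site.pfx).
make_inputs() {
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=Constructed Root CA" -keystore "$1/ca.p12" \
     -storetype PKCS12 -storepass "$PASS" -keypass "$PASS" &&
  kt -exportcert -alias ca -rfc -file "$1/root.cer" -keystore "$1/ca.p12" \
     -storetype PKCS12 -storepass "$PASS" &&
  kt -genkeypair -alias site -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=site.example.test" -keystore "$1/site.pfx" \
     -storetype PKCS12 -storepass "$PASS" -keypass "$PASS"
}

# Step 1: copy the key entry from the PKCS12 file into a JKS keystore.
# Step 2: add the CA certificate to that JKS as a trusted entry.
build_jks() {
  kt -importkeystore \
     -srckeystore "$1/site.pfx" -srcstoretype pkcs12 -srcstorepass "$PASS" \
     -destkeystore "$1/site.jks" -deststoretype jks -deststorepass "$PASS" &&
  kt -import -trustcacerts -noprompt -alias root -file "$1/root.cer" \
     -keystore "$1/site.jks" -storetype jks -storepass "$PASS"
}

# Count the entries of one type (PrivateKeyEntry or trustedCertEntry).
count_entries() {
  keytool -J-Duser.language=en -list -keystore "$1" -storetype jks \
          -storepass "$PASS" 2>/dev/null | grep -ci "$2"
}

if command -v keytool >/dev/null 2>&1; then
  dir=$(mktemp -d) && make_inputs "$dir" && build_jks "$dir" &&
  echo "key entries:     $(count_entries "$dir/site.jks" PrivateKeyEntry)" &&
  echo "trusted entries: $(count_entries "$dir/site.jks" trustedCertEntry)"
  rm -rf "$dir"
else
  echo "keytool not found: install a JDK to run this" >&2
fi
```

With the real files, repeat the `-import` command once per CA certificate, giving each its own alias.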