Hi Daniel

Thanks so much for replying.

So you mentioned that I ought to import the existing PKCS12 (remedy.optinet.net_cert.pfx) keystore into a Java Keystore (remedy.optinet.net_cert.jks) using the following command:

keytool -importkeystore -srckeystore remedy.optinet.net_cert.pfx -srcstoretype pkcs12 -srcstorepass password -destkeystore remedy.optinet.net_cert.jks -deststoretype jks -deststorepass password

...and then to import the root and intermediate certificates into the Java Keystore (remedy.optinet.net_cert.jks).

Would I use the following commands or are these incorrect?

keytool -import -keystore remedy.optinet.net_cert.jks -storepass password -storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
keytool -import -keystore remedy.optinet.net_cert.jks -storepass password -storetype PKCS12 -file "c:\Thawte SSL CA.cer"

Thanks & Regards
Melanie

-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@vmware.com]
Sent: 23 March 2012 07:21 PM
To: Tomcat Users List
Subject: Re: configuring SSL for Tomcat with .pfx

----- Original Message -----
> Hi everyone,
>
> I have been tasked with configuring SSL for Tomcat. I am new to Tomcat
> configuration so I have been through the docs and consulted many
> different articles in an attempt to figure out how all of this works.
>
> I have been given the following (attached):
>
> * Thawte Primary Root CA.cer
>
> * Thawte SSL CA.cer
>
> * remedy.optinet.net_cert.pfx
>
> My plan was to import the root cert then the intermediate cert then
> the .pfx by doing the following:
>
>
> * keytool -import -keystore tomcat.keystore2 -storepass
> password -storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"
>
> * keytool -import -keystore tomcat.keystore2 -storepass
> password -storetype PKCS12 -file c:\Thawte SSL CA.cer
>
> * keytool -importkeystore -deststorepass password
> -destkeystore c:\tomcat.keystore2 -srckeystore
> c:\remedy.optinet.net_cert.pfx -srcstoretype PKCS12 -srcstorepass
> password
>

What if you try this...

1.) Import your existing PKCS12 keystore into a Java Keystore.

keytool -importkeystore -srckeystore remedy.optinet.net_cert.pfx -srcstoretype pkcs12 -srcstorepass password -destkeystore remedy.optinet.net_cert.jks -deststoretype jks -deststorepass password

2.) Then import your root and intermediate certificates into the remedy.optinet.net_cert.jks.

Alternatively, you might try a GUI utility like Keystore Explorer.

http://www.lazgosoftware.com/kse/index.html

Dan

> But got the following error when I started with the root cert:
>
> D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore
> tomcat.keystore2 -storepass password -file "c:\Thawte Primary Root
> CA.cer"
> keytool error: java.lang.Exception: Input not an X.509 certificate
>
>
> Then I imported the certificates into certmgr and exported them to
> X.509 and tried again .... got the following:
>
> D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore
> tomcat.key
> store2 -storepass password -storetype PKCS12 -file "Thawte Primary
> Root CA_x.cer "
> Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
> authorized use only", OU=Certification Services Division, O="thawte,
> Inc.", C=US
> Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
> authorized us e only", OU=Certification Services Division, O="thawte,
> Inc.", C=US
> Serial number: 344ed55720d5edec49f42fce37db2b6d
> Valid from: Fri Nov 17 02:00:00 CAT 2006 until: Thu Jul 17 01:59:59 CAT 2036
> Certificate fingerprints:
> MD5: 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
> SHA1: 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
> Signature algorithm name: SHA1withRSA
> Version: 3
>
> Extensions:
>
> #1: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
> Key_CertSign
> Crl_Sign
> ]
>
> #2: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
> CA:true
> PathLen:2147483647
> ]
>
> #3: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
> 0010: EB 57 48 50 .WHP
> ]
> ]
>
> Trust this certificate? [no]: yes
> keytool error: java.security.KeyStoreException: TrustedCertEntry not
> supported
>
> I am struggling to get to grips with all of the components like the
> "alias", "key", "algorithm", "keystore", "certificate", etc ... and
> the different types of keystores ; different types of certificates and
> so many other things.
>
> If you could assist me I would appreciate it greatly.
>
> Regards
> Melanie Snayer
> BMC Remedy Product Consultant
> ______________________________________________________________
> Blue Turtle Technologies
> Tel : +27 (0) 87 721 1874/5/6 | Fax: +27 (0)21 552 7764 |
> Cell: +27 (0)82 568 6205
> email: melan...@blueturtle.co.za
> | web: www.blueturtle.co.za
>
> Imagination was given to us to compensate for what we are not; a sense
> of humor was given to us to console us for what we are.
> - Mark McGinnis
>
>
> ________________________________
> Blue Turtle Technologies (Pty) Limited | Reg.
> no.: 2003/002610/07 | http://www.blueturtle.co.za
> Gauteng : Tel: +27 (0)11 206 5600 | Fax: +27 (0)11 206 5606 |
> Midridge Office Estate, International Business Gateway, cnr New Road
> & Sixth Street, Midrand, 1685 | P O Box 31331, Kyalami, 1684
> Western Cape: Tel: +27 (0)87 721 1874 | Fax: +27 (0)21 552 7764 |
> Unit E6, Century Square, Heron Crescent, Century City, Cape Town, 7446
>
> DISCLAIMER: This email and any files transmitted with it are
> confidential and are intended solely for the use of the individual or
> entity to whom they are addressed. This communication represents the
> originator's personal views and opinions, which do not necessarily
> reflect those of Blue Turtle Technologies (Pty) Ltd. If you are not
> the original recipient or the person responsible for delivering the
> email to the intended recipient, be advised that you have received
> this email in error, and that any use, dissemination, forwarding,
> printing, or copying of this email is strictly prohibited. If you
> received this email in error, please immediately notify the sender.
> Thank you.
> ________________________________
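
The two-step procedure discussed in this thread, written out end to end as an added PowerShell example (it is not from either poster): convert the .pfx to a JKS, import the root and then the intermediate as trusted certificates, and check the result. The run quoted in the thread that ended with `TrustedCertEntry not supported` passed `-storetype PKCS12`, so the example keeps the store type as `jks` for every command that touches the new keystore. File names and the password value are taken from the thread; the aliases `thawte-root` and `thawte-intermediate` and the helper `Assert-LastExit` are hypothetical, and the .cer files are assumed to be X.509 exports.

```powershell
# Added example. File names are from the thread; aliases are hypothetical.
$Pfx       = 'remedy.optinet.net_cert.pfx'
$Jks       = 'remedy.optinet.net_cert.jks'
$StorePass = 'password'   # placeholder value used in the thread

function Assert-LastExit([string]$Step) {
    # Native tools such as keytool do not throw; check the exit code explicitly.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (keytool exit code $LASTEXITCODE)" }
}

# Step 1: copy the private key and its certificate from the PKCS12 file into a JKS.
keytool -importkeystore `
    -srckeystore $Pfx -srcstoretype pkcs12 -srcstorepass $StorePass `
    -destkeystore $Jks -deststoretype jks -deststorepass $StorePass
Assert-LastExit 'importkeystore'

# Step 2: add the root first, then the intermediate, as trusted certificates.
# -storetype is jks here so it matches the keystore created in step 1.
$Chain = [ordered]@{
    'thawte-root'         = 'c:\Thawte Primary Root CA.cer'
    'thawte-intermediate' = 'c:\Thawte SSL CA.cer'
}
foreach ($alias in $Chain.Keys) {
    $file = $Chain[$alias]
    # keytool prints the certificate and asks before trusting a self-signed root;
    # compare the fingerprint with the CA's published value before answering yes.
    keytool -import -trustcacerts -alias $alias -file $file `
        -keystore $Jks -storetype jks -storepass $StorePass
    Assert-LastExit "import $alias"
}

# Step 3: confirm the keystore holds one key entry and both CA certificates.
$listing = keytool -list -keystore $Jks -storetype jks -storepass $StorePass
Assert-LastExit 'list'
$listing
if (@($listing -match 'PrivateKeyEntry').Count -lt 1) { throw 'No private key entry found' }
if (@($listing -match 'trustedCertEntry').Count -lt 2) { throw 'Expected two trusted CA entries' }
```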