You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Scott Purcell <pu...@charter.net> on 2005/12/03 19:42:27 UTC
Verisign Certificate Still Giving Me Troubles:
Hello,
A few people helped me out last week, to get simple SSL running. IN particular Dhaval, Remy and Nate. Anyway, I have followed the directions from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section 3 and all works well.
So that means my tomcat is all configured and happy.
But this was a "generic" certificate. I gave Verisign a certreq.csr file and they gave me a certificate last week and it was called cert.cer.
I cannot for the life of me figure out how to get the certreq.csr working?
I have been following these steps here:
Based upon my knowledge,to incorporate Verisign certificate, steps are as follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private key. Make sure you feel
the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase from the private key.
Also delete generated .rnd file)
(3) Here there are two (either or) possibilities:
But honestly do not know where to substitute my "certreq.csr" that verisign gave me in this equation.
Regards
Re: Verisign Certificate Still Giving Me Troubles:
Posted by Bill Barker <wb...@wilshire.com>.
Well, firstly, Verisign should have given you a cert.crt file :).
Verisign uses an intermediate cert to sign with (available from their site).
Based on configuring mod_ssl I'm guessing that you need to download it and
set:
SSLCertificateChainFile="/path/to/int/cert.crt"
in your <Connector> element.
>From the previous threads, I'm assuming that you are still using the APR
connector. If you are using the Java connector, then simply import the
intermediate cert into your keystore (and ignore the above).
"Scott Purcell" <pu...@charter.net> wrote in message
news:016101c5f839$74133f90$0501a8c0@office...
Hello,
A few people helped me out last week, to get simple SSL running. IN
particular Dhaval, Remy and Nate. Anyway, I have followed the directions
from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section 3
and all works well.
So that means my tomcat is all configured and happy.
But this was a "generic" certificate. I gave Verisign a certreq.csr file and
they gave me a certificate last week and it was called cert.cer.
I cannot for the life of me figure out how to get the certreq.csr working?
I have been following these steps here:
Based upon my knowledge,to incorporate Verisign certificate, steps are as
follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private
key. Make sure you feel
the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase
from the private key.
Also delete generated .rnd file)
(3) Here there are two (either or) possibilities:
But honestly do not know where to substitute my "certreq.csr" that verisign
gave me in this equation.
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Verisign Certificate Still Giving Me Troubles:
Posted by Kyle <kl...@attitia.com>.
Scott,
I don't remember reading your previous thread, so I may be off-base but,
.......... <famous last words>
To state the obvious, you just need to replace in config whichever
self-signed cert file you generated with your new Verisign cert file.
Ignoring for a second the certificate install process in Tomcat, could
your problem be as simple as;
You initially got everything working and configured with your generic
(self-signed) cert. and presumably server.key.
However, upon submitting your .csr to Verisign, you appear to have
generated a new key. So have you remembered to also replace in config
the new server.key to match the provided cert.?
The .csr AFAIK is just that, a request, and is actually irrelevant once
you have received the cert.
K
Scott Purcell wrote:
>
>Hello,
>
>A few people helped me out last week, to get simple SSL running. IN particular Dhaval, Remy and Nate. Anyway, I have followed the directions from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section 3 and all works well.
>
>So that means my tomcat is all configured and happy.
>
>But this was a "generic" certificate. I gave Verisign a certreq.csr file and they gave me a certificate last week and it was called cert.cer.
>
>I cannot for the life of me figure out how to get the certreq.csr working?
>
>I have been following these steps here:
> Based upon my knowledge,to incorporate Verisign certificate, steps are as follows:
>(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
>(1) openssl req -new -out server.csr (This will generate csr and private key. Make sure you feel
>the values correctly on openssl command prompt. )
>(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase from the private key.
>Also delete generated .rnd file)
>(3) Here there are two (either or) possibilities:
>
>
>But honestly do not know where to substitute my "certreq.csr" that verisign gave me in this equation.
>
>Regards
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org