Posted to users@tomcat.apache.org by Solomon Gorlick <So...@abilizer.com> on 2001/08/31 22:41:42 UTC
SSL: keystore and private key/certificate storage
Hi Tomcat Users,
Do I need to store my signed certificate and private key in a keystore to
use SSL with tomcat 3.2.3 stand alone? If so, how do I get an
already-generated private key AND signed certificate in there?
I've followed the documentation at the below url:
http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html
and re-built tomcat with SSL support.
Using the JDK's keytool tool with the -genkey flag, I have created a private
key and an unsigned certificate and put it into a keystore file. When I
refer to these in the server.xml file, and run tomcat, things seem to be
working fine. That is, on tomcat's start up, I see the 8443 line for ssl,
and I can go to an https: link on my running server and get the output
through a browser. Looks great so far.
However, at my company we have an existing private key and certified public
key pair (that was generated some time ago), that I am interested in
continuing to use (instead of generating them anew).
It seems to me that if I want to use tomcat with the jsse library, I have to
store the private key and the certified public key in a .keystore file. How
do I import an already-generated private key? I seem to have been able to
import the signed certificate into an empty keystore with this line:
keytool -import -v -trustcacerts -alias abilizer -file d:\build_certs\secured_abilizer_com-cert.pem
But how do I get the matching private key that was generated some time ago
in there as well?
I have checked out Sun's documentation for keytool and it seems to me that
the above isn't supported. I have scanned www.openssl.org and the archives
for this list. Although I found a couple of questions similar to the above in
the latter, I didn't notice any answers.
Is there something I am missing here? Can't I just import an existing
PRIVATE key into the keystore? Optionally, can I just use the private key
and certified public key pair with a tomcat only install WITHOUT embedding
them in a keystore?
Any help would be appreciated.
thanks,
Solomon