You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ian loyola <ia...@yahoo.com> on 2010/06/24 00:04:53 UTC
Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Dear colleagues,
I'm running IIS version 6 and Apache Tomcat 6.x on a Windows 2003 enterprise server. I had to renew SSL certificates for both the IIS and Tomcat web server.
I was told to raise a CSR from the IIS server and create a certificate. The certificate (.PFX) could then be converted into a (.keystore) file for Tomcat. Unfortunately, I'm struggling with this.
Generating a new CSR is unfortunately not an option as it needs to be completed tomorrow.
Could you please please assist me to convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x?
Thank you.
Best regards,
Ian
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for
Apache Tomcat v 6.x
Posted by Bruno Harbulot <Br...@manchester.ac.uk>.
On 23/06/10 23:04, ian loyola wrote:
> Dear colleagues,
>
> I'm running IIS version 6 and Apache Tomcat 6.x on a Windows 2003 enterprise server. I had to renew SSL certificates for both the IIS and Tomcat web server.
>
> I was told to raise a CSR from the IIS server and create a certificate. The certificate (.PFX) could then be converted into a (.keystore) file for Tomcat. Unfortunately, I'm struggling with this.
>
> Generating a new CSR is unfortunately not an option as it needs to be completed tomorrow.
>
> Could you please please assist me to convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x?
As far as I'm aware, .PFX files are PKCS#12 files.
Why convert instead of using that file and keystoreType="PKCS12"?
Best wishes,
Bruno.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Posted by ian loyola <ia...@yahoo.com>.
Hi Konstantin, Goo Sam and Mark,
Thank you for responding so quickly to my post. Your articles were helpful but it didn't show me the exact procedure as how to chain certificates etc. (or I misread them)
I managed to do it using this really cool tool "KeyStore Explorer 4.0" from http://www.lazgosoftware.com/kse/index.html
It has a really nice interface and really easy to use. I managed to create a Java keystore file (.jks) by importing the CA root certificate, the CA intermediate certificate and the Key pair from the .PFX file.
I'll post a detailed "how to guide" tomorrow. I'm going to get some sleep now.
Thanks once again.
Cheers,
Ian
________________________________
From: Goo Sam Kong <sk...@gmail.com>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Thu, 24 June, 2010 6:44:57 AM
Subject: Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Hi Ian,
Take a look on this
http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html. Hope it helps.
On 24 June 2010 06:41, Konstantin Kolinko <kn...@gmail.com> wrote:
> 2010/6/24 Mark Eggers <it...@yahoo.com>:
> > Google is your friend?
> >
> >
> http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
> >
> > Please note that I have not tried this. Your mileage may vary.
> >
>
> Noticing the "PKCS #12" hint form the above page,
> I can find this Sun article:
>
> http://java.sun.com/developer/technicalArticles/J2SE/security/#4
> "Import and Export PKCS#12 Keystores"
>
> > how to chain the CA's intermediate certificates
>
> It looks that the method described in the Sun article imports the
> whole keystore, and from description of the format it looks that the
> one from Jetty also does so.
>
> Disclaimer: I have not tried them.
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for
Apache Tomcat v 6.x
Posted by Goo Sam Kong <sk...@gmail.com>.
Hi Ian,
Take a look on this
http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html. Hope it helps.
On 24 June 2010 06:41, Konstantin Kolinko <kn...@gmail.com> wrote:
> 2010/6/24 Mark Eggers <it...@yahoo.com>:
> > Google is your friend?
> >
> >
> http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
> >
> > Please note that I have not tried this. Your mileage may vary.
> >
>
> Noticing the "PKCS #12" hint form the above page,
> I can find this Sun article:
>
> http://java.sun.com/developer/technicalArticles/J2SE/security/#4
> "Import and Export PKCS#12 Keystores"
>
> > how to chain the CA's intermediate certificates
>
> It looks that the method described in the Sun article imports the
> whole keystore, and from description of the format it looks that the
> one from Jetty also does so.
>
> Disclaimer: I have not tried them.
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for
Apache Tomcat v 6.x
Posted by Konstantin Kolinko <kn...@gmail.com>.
2010/6/24 Mark Eggers <it...@yahoo.com>:
> Google is your friend?
>
> http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
>
> Please note that I have not tried this. Your mileage may vary.
>
Noticing the "PKCS #12" hint form the above page,
I can find this Sun article:
http://java.sun.com/developer/technicalArticles/J2SE/security/#4
"Import and Export PKCS#12 Keystores"
> how to chain the CA's intermediate certificates
It looks that the method described in the Sun article imports the
whole keystore, and from description of the format it looks that the
one from Jetty also does so.
Disclaimer: I have not tried them.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Posted by ian loyola <ia...@yahoo.com>.
Hi Mark,
Thanks for that. I did try searching a lot for it and I did come across that article. But that method doesn't explain how to chain the CA's intermediate certificates. Any idea how to do that?
Cheers,
Ian
________________________________
From: Mark Eggers <it...@yahoo.com>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Thu, 24 June, 2010 3:43:12 AM
Subject: Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Google is your friend?
http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
Please note that I have not tried this. Your mileage may vary.
/mde/
--- On Wed, 6/23/10, ian loyola <ia...@yahoo.com> wrote:
> From: ian loyola <ia...@yahoo.com>
> Subject: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
> To: users@tomcat.apache.org
> Date: Wednesday, June 23, 2010, 3:04 PM
> Dear colleagues,
>
> I'm running IIS version 6 and Apache Tomcat 6.x on a
> Windows 2003 enterprise server. I had to renew SSL
> certificates for both the IIS and Tomcat web server.
>
> I was told to raise a CSR from the IIS server and create a
> certificate. The certificate (.PFX) could then be converted
> into a (.keystore) file for Tomcat. Unfortunately, I'm
> struggling with this.
>
> Generating a new CSR is unfortunately not an option as it
> needs to be completed tomorrow.
>
> Could you please please assist me to convert a certificate
> from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x?
>
> Thank you.
>
> Best regards,
> Ian
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
Posted by Mark Eggers <it...@yahoo.com>.
Google is your friend?
http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
Please note that I have not tried this. Your mileage may vary.
/mde/
--- On Wed, 6/23/10, ian loyola <ia...@yahoo.com> wrote:
> From: ian loyola <ia...@yahoo.com>
> Subject: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x
> To: users@tomcat.apache.org
> Date: Wednesday, June 23, 2010, 3:04 PM
> Dear colleagues,
>
> I'm running IIS version 6 and Apache Tomcat 6.x on a
> Windows 2003 enterprise server. I had to renew SSL
> certificates for both the IIS and Tomcat web server.
>
> I was told to raise a CSR from the IIS server and create a
> certificate. The certificate (.PFX) could then be converted
> into a (.keystore) file for Tomcat. Unfortunately, I'm
> struggling with this.
>
> Generating a new CSR is unfortunately not an option as it
> needs to be completed tomorrow.
>
> Could you please please assist me to convert a certificate
> from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x?
>
> Thank you.
>
> Best regards,
> Ian
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org