Posted to users@tomcat.apache.org by Patrick Lacson <pl...@gmail.com> on 2006/02/04 00:17:36 UTC

Definitive Guide for setting up SSL for Tomcat

hi all,

I've been trying to set up SSL using the Verisign free trial certificate
without success.  The self-cert using instructions per the tomcat5.5-ssl-how.
was easy and straightforward, but the instructions for how to use a verisign
certificate did not work.  I have followed those instructions using the
Verisign Chain imported first and then importing the Verisign Cert second.

Here are the steps:

1) D:\emod>keytool -keystore emod-keystore -genkey -alias tomcat -keyalg RSA
.. (asks me questions about the cert) ...
.. (leave tomcat password blank by pressing enter) ...

Next I generate the cert request for Verisign using the command:

2) D:\emod>keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore emod-keystore
Enter keystore password:  changeit

I submit that CSR to Verisign in the Free Trial offer wizard.

While waiting for the submitted cert to return, I import the Chain
Authority:
http://www.verisign.com/support/install2/intermediate.html

3) D:\emod>keytool -import -alias root -keystore emod-keystore -trustcacerts -file chain-cert.txt
Enter keystore password:  changeit
Certificate was added to keystore

I check my email and copy the cert from the email to a separate file and
import the cert:

4) D:\emod>keytool -import -alias tomcat -keystore emod-keystore -trustcacerts -file trial-cert.cer
Enter keystore password:  changeit
keytool error: java.lang.Exception: Failed to establish chain from reply

This is where I need your help.  I followed the Tomcat instructions (
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html) to the letter and
have been unsuccessful.

Thanks in advance
Patrick
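
Added example, not part of the original post: a small Python check for which issuer link is missing when keytool reports "Failed to establish chain from reply". It parses the Owner/Issuer lines that `keytool -printcert -file trial-cert.cer` and `keytool -list -v -keystore emod-keystore` print; the function names and the sample DNs below are constructed for illustration.

```python
import re

# Owner/Issuer line pairs as printed by `keytool -printcert` and `keytool -list -v`.
PAIR = re.compile(r"^Owner: (.+)\nIssuer: (.+)$", re.MULTILINE)

def parse_certs(keytool_text):
    """Map each certificate's Owner DN to its Issuer DN."""
    return {o.strip(): i.strip() for o, i in PAIR.findall(keytool_text)}

def walk_chain(reply_text, trusted_text):
    """Return (chain, missing): missing is None when the chain ends at a
    self-signed root, else the issuer DN that no trusted entry supplies.
    Compares names only; keytool additionally verifies each signature."""
    trusted = parse_certs(trusted_text)
    (subject, issuer), = parse_certs(reply_text).items()
    chain = [subject]
    while issuer != chain[-1]:            # a self-signed cert ends the chain
        if issuer not in trusted or issuer in chain:
            return chain, issuer          # gap (or loop) in the chain
        chain.append(issuer)
        issuer = trusted[issuer]
    return chain, None

# Constructed sample output (hypothetical DNs, not from the original post).
REPLY = "Owner: CN=www.example.test, O=Example\nIssuer: CN=Example Trial CA\n"
KEYSTORE = (
    "Alias name: root\n"
    "Owner: CN=Example Intermediate CA\nIssuer: CN=Example Root CA\n"
    "Alias name: tomcat\n"
    "Owner: CN=www.example.test, O=Example\n"
    "Issuer: CN=www.example.test, O=Example\n"
)
TRIAL_ROOT = "Owner: CN=Example Trial CA\nIssuer: CN=Example Trial CA\n"

if __name__ == "__main__":
    cases = (("as imported", KEYSTORE), ("issuer added", KEYSTORE + TRIAL_ROOT))
    for label, store in cases:
        chain, missing = walk_chain(REPLY, store)
        print(label, "->", " <- ".join(chain), "| missing issuer:", missing)
```

Because `-trustcacerts` also consults the JRE's `cacerts` file, append its `keytool -list -v` output to the keystore listing before running the check.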