New development, Re: More, Re: Problem bringing up SSL with a CA certificate

[James Lampert <ja...@touchtonecorp.com>]

Ognjen Blagojevic wrote:

> You must find keystore with earlier generated key pair (the one you also 
> used to generate CSR for CA), and import all three certificates into 
> that keystore.

Dear Ognjen:

At this point, I still don't have the keystore used to generate the CSR, 
but I *do* now have the CSR itself. Does that help?

--
JHHL


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: New development, Re: More, Re: Problem bringing up SSL with a CA certificate

[Ognjen Blagojevic <og...@gmail.com>]

James,

On 19.1.2012 18:05, James Lampert wrote:
>> You must find keystore with earlier generated key pair (the one you
>> also used to generate CSR for CA), and import all three certificates
>> into that keystore.
>
> At this point, I still don't have the keystore used to generate the CSR,
> but I *do* now have the CSR itself. Does that help?

No, it doesn't.

Assuming you are NOT using APR connector, the whole procedure goes like 
this:

1. Generate key pair (public and private key) using keytool -genkeypair. 
Both keys are kept in the keystore.

2. Export public key into CSR, and send it to the CA.

3. Receive signed public key (certificate) from CA, along with any other 
necessary certificates forming keychain.

4. Import all received certificates to the keystore you used in step 1.

If you lost your keystore, that means that you lost private key. You 
need to start from the beginning. Generate new keypair, and send it to 
your CA. Before that, check the revocation procedure with your CA.

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org