You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by James Lampert <ja...@touchtonecorp.com> on 2012/01/19 18:05:30 UTC
New development, Re: More, Re: Problem bringing up SSL with a CA
certificate
Ognjen Blagojevic wrote:
> You must find keystore with earlier generated key pair (the one you also
> used to generate CSR for CA), and import all three certificates into
> that keystore.
Dear Ognjen:
At this point, I still don't have the keystore used to generate the CSR,
but I *do* now have the CSR itself. Does that help?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: New development, Re: More, Re: Problem bringing up SSL with a
CA certificate
Posted by Ognjen Blagojevic <og...@gmail.com>.
James,
On 19.1.2012 18:05, James Lampert wrote:
>> You must find keystore with earlier generated key pair (the one you
>> also used to generate CSR for CA), and import all three certificates
>> into that keystore.
>
> At this point, I still don't have the keystore used to generate the CSR,
> but I *do* now have the CSR itself. Does that help?
No, it doesn't.
Assuming you are NOT using APR connector, the whole procedure goes like
this:
1. Generate key pair (public and private key) using keytool -genkeypair.
Both keys are kept in the keystore.
2. Export public key into CSR, and send it to the CA.
3. Receive signed public key (certificate) from CA, along with any other
necessary certificates forming keychain.
4. Import all received certificates to the keystore you used in step 1.
If you lost your keystore, that means that you lost private key. You
need to start from the beginning. Generate new keypair, and send it to
your CA. Before that, check the revocation procedure with your CA.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org