Possible to import SSL private/public key pair from Apache into Tomcat?

[Jonathan Eric Miller <je...@uchicago.edu>]

This question is kind of about Tomcat, but, also to some extent about
keytool and SSL in general.

I've been running Apache Web Server 1.3.x as a Web server with JRun as a
Java Servlet engine in our production environment. I have SSL enabled on the
Apache Web Server and I have the certificate signed by Verisign which I paid
$$$ for.

What I want to do now is to switch to using Tomcat in standalone mode. I
have this up and running no problem. I was able to generate a private key
and then sign that with a test CA that I have. The steps to do this are to
run keytool with -genkey, then -certreq, and then -import.

However, I want to import the private/public key pair from Apache Web Server
into my Java keystore. Does anyone know if this is possible? As far as I can
tell, there is no way to import a private key. I wonder if I send Verisign a
certificate request that I generated from Tomcat, if they will make me buy
another certificate (even though it's for use on the same server and will
replace the original certificate)?

Jon

Re: Possible to import SSL private/public key pair from Apache into Tomcat?

[Jonathan Eric Miller <je...@uchicago.edu>]

Thanks, Ricardo, I'll check it out and give it a try.

Jon

----- Original Message -----
From: "Ricardo" <bo...@si.uji.es>
To: <to...@jakarta.apache.org>
Sent: Monday, September 17, 2001 1:19 AM
Subject: Re: Possible to import SSL private/public key pair from Apache into
Tomcat?


> There's a way to do this ----->  http://www.comu.de/docs/tomcat_ssl.htm.
> I recently solve this problem, because i was working with openssl. But i
> have a question in the group and nobody answer me yet.
> I'm usign client authentication with apache+mod_ssl and i want to change
to
> tomcat. The fact is that i don't know how to configure
> the keystore with the CA public key for validating client certificates...
> I hope the information i give you will be useful, and i will be very happy
> if i get an answer.
>
> Thanks all,
> ============================
> Ricardo Borillo Domenech
> Programació - Servei d'Informàtica
> Universitat Jaume I
> ----- Original Message -----
> From: "Jonathan Eric Miller" <je...@uchicago.edu>
> To: "Tomcat User List" <to...@jakarta.apache.org>
> Sent: Saturday, September 15, 2001 5:28 AM
> Subject: Possible to import SSL private/public key pair from Apache into
> Tomcat?
>
>
> > This question is kind of about Tomcat, but, also to some extent about
> > keytool and SSL in general.
> >
> > I've been running Apache Web Server 1.3.x as a Web server with JRun as a
> > Java Servlet engine in our production environment. I have SSL enabled on
> the
> > Apache Web Server and I have the certificate signed by Verisign which I
> paid
> > $$$ for.
> >
> > What I want to do now is to switch to using Tomcat in standalone mode. I
> > have this up and running no problem. I was able to generate a private
key
> > and then sign that with a test CA that I have. The steps to do this are
to
> > run keytool with -genkey, then -certreq, and then -import.
> >
> > However, I want to import the private/public key pair from Apache Web
> Server
> > into my Java keystore. Does anyone know if this is possible? As far as I
> can
> > tell, there is no way to import a private key. I wonder if I send
Verisign
> a
> > certificate request that I generated from Tomcat, if they will make me
buy
> > another certificate (even though it's for use on the same server and
will
> > replace the original certificate)?
> >
> > Jon
> >
> >
> >
>

Re: Possible to import SSL private/public key pair from Apache into Tomcat?

[Ricardo <bo...@si.uji.es>]

There's a way to do this ----->  http://www.comu.de/docs/tomcat_ssl.htm.
I recently solve this problem, because i was working with openssl. But i
have a question in the group and nobody answer me yet.
I'm usign client authentication with apache+mod_ssl and i want to change to
tomcat. The fact is that i don't know how to configure
the keystore with the CA public key for validating client certificates...
I hope the information i give you will be useful, and i will be very happy
if i get an answer.

Thanks all,
============================
Ricardo Borillo Domenech
Programació - Servei d'Informàtica
Universitat Jaume I
----- Original Message -----
From: "Jonathan Eric Miller" <je...@uchicago.edu>
To: "Tomcat User List" <to...@jakarta.apache.org>
Sent: Saturday, September 15, 2001 5:28 AM
Subject: Possible to import SSL private/public key pair from Apache into
Tomcat?


> This question is kind of about Tomcat, but, also to some extent about
> keytool and SSL in general.
>
> I've been running Apache Web Server 1.3.x as a Web server with JRun as a
> Java Servlet engine in our production environment. I have SSL enabled on
the
> Apache Web Server and I have the certificate signed by Verisign which I
paid
> $$$ for.
>
> What I want to do now is to switch to using Tomcat in standalone mode. I
> have this up and running no problem. I was able to generate a private key
> and then sign that with a test CA that I have. The steps to do this are to
> run keytool with -genkey, then -certreq, and then -import.
>
> However, I want to import the private/public key pair from Apache Web
Server
> into my Java keystore. Does anyone know if this is possible? As far as I
can
> tell, there is no way to import a private key. I wonder if I send Verisign
a
> certificate request that I generated from Tomcat, if they will make me buy
> another certificate (even though it's for use on the same server and will
> replace the original certificate)?
>
> Jon
>
>
>