Posted to users@tomcat.apache.org by KeigoTanaka <ke...@hde.co.jp> on 2002/06/13 08:22:46 UTC

about importing the existing certificate.

Hi.

I want to use Tomcat SSL standalone, and I have a certificate for the
apache + mod_ssl generated by openssl and verified by verisign.

Can it use the existing certificate?
I'm using Tomcat 3.3 and JDK-1.3.1 and I also tried J2SDK-1.4.

If it can, please tell me how I can do it, or give me some pointers.

I already read the tomcat SSL howto documents.
http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

Actually, I could import the certificate into my keystore, but I could not
make a certificate chain.

This is what I do.
************************************************************
key.pem  <- This is key generated with openssl.
csr.pem  <- This is csr used when I applied to verisign.
gsid.crt <- This is global server ID returned from verisign.

$ openssl req -x509 -in csr.pem -key key.pem -out cert.pem 
I entered the passphrase and cert.pem was created, and
the key was certified by an Intermediate CA certificate, so I have to
import it.
$ keytool -import -trustcacerts -alias intermediateca -file intermediate.pem
and I import the certificate.
$ keytool -import -trustcacerts -alias tomcat -file cert.pem 

$ keytool -list -v -keystore ./keystore
Enter keystore password:  XXXXXXXX

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: intermediateca
Creation date: Jun 12, 2002
Entry type: trustedCertEntry

Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 236c971e2bc60d0bf97460def108c3c3
Valid from: Thu Apr 17 09:00:00 JST 1997 until: Thu Jan 08 08:59:59 JST 2004
Certificate fingerprints:
         MD5:  18:87:5C:CB:F8:20:5D:24:4A:BF:19:C7:13:0E:FD:B4
         SHA1: 8B:24:CD:8D:8B:58:C6:DA:72:AC:E0:97:C7:B1:E3:CE:A4:DC:3D:C6

*******************************************
*******************************************


Alias name: tomcat
Creation date: Jun 12, 2002
Entry type: trustedCertEntry

Owner: CN=www.example.com, O="Current, Inc.", OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign Japan K.K., OU=Terms of use at www.verisign.co.jp/RPA (c)00, L=CHIYODA-KU, ST=TOKYO, C=JP
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Valid from: Tue Apr 23 09:00:00 JST 2002 until: Thu May 08 08:59:59 JST 2003
Certificate fingerprints:
         MD5:  xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
         SHA1: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx


*******************************************
*******************************************

Thank you in advance for your help.

KeigoTANAKA <ke...@hde.co.jp>
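
An added example, not part of the original post: a small Python check over `keytool -list -v` output that reports when the alias meant to be the server identity is only a `trustedCertEntry`, as both entries in the listing above are; such an entry holds a certificate but no private key, so it cannot carry a certificate chain. The sample listing is constructed and abbreviated from the one in the post, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated listing modelled on the `keytool -list -v` output in the post.
SAMPLE_LISTING = """\
Alias name: intermediateca
Entry type: trustedCertEntry
Owner: OU=VeriSign International Server CA - Class 3, O=VeriSign Trust Network
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=www.example.com, O="Current, Inc.", C=JP
Issuer: OU=VeriSign International Server CA - Class 3, O=VeriSign Trust Network
"""

KEY_ENTRY_TYPES = {"keyEntry", "PrivateKeyEntry"}  # labels used by older / newer JDKs

def parse_listing(text):
    """Return {alias: {"type", "owner", "issuer"}} from `keytool -list -v` text."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Alias name|Entry type|Owner|Issuer):\s*(.*)$", line)
        if not m:
            continue
        field, value = m.group(1), m.group(2).strip()
        if field == "Alias name":
            current = entries.setdefault(value, {"type": None, "owner": None, "issuer": None})
        elif current is not None:
            key = {"Entry type": "type", "Owner": "owner", "Issuer": "issuer"}[field]
            if current[key] is None:  # first certificate of an entry is the leaf
                current[key] = value
    return entries

def audit(text, server_alias="tomcat"):
    """List reasons the alias cannot act as the TLS server identity."""
    entries = parse_listing(text)
    entry = entries.get(server_alias)
    if entry is None:
        return [f"alias {server_alias!r} not found"]
    findings = []
    if entry["type"] not in KEY_ENTRY_TYPES:
        findings.append(f"{server_alias}: entry type {entry['type']} has no private key")
    issuer_known = any(e["owner"] == entry["issuer"] for a, e in entries.items() if a != server_alias)
    if entry["issuer"] != entry["owner"] and not issuer_known:
        findings.append(f"{server_alias}: issuer certificate is not in the keystore")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING):
        print(finding)
```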

