You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by KeigoTanaka <ke...@hde.co.jp> on 2002/06/13 08:22:46 UTC
about importing the existing certificate.
hi.
I want to use Tomcat SSL standalone, and I have a certificate for the
apache + mod_ssl generated by openssl and verified by verisign.
Can it use the existing certificate ?
I'm using Tomcat 3.3 and JDK-1.3.1 and I also tried J2SDK-1.4.
If it can, please tell me how can I do it or some pointers.
I already read the tomcat SSL howto documents.
http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
Actually I could import the certificate into my keystore but I could not
make certificate chain.
This is what I do.
************************************************************
key.pem <- This is key generated with openssl.
csr.pem <- This is csr used when I applied to verisign.
gsid.crt <- This is global server ID returned from verisign.
$ openssl req -x509 -in csr.pem -key key.pem -out cert.pem
I entered passphrase and cert.pem was created and ..
the key was certificated by Intermediate CA certificate so I have to
import it.
$ keytool -import -trustcacerts -alias intermediateca -file intermediate.pem
and I import the certificate.
$ keytool -import -trustcacerts -alias tomcat -file cert.pem
$ keytool -list -v -keystore ./keystore
Enter keystore password: XXXXXXXX
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: intermediateca
Creation date: Jun 12, 2002
Entry type: trustedCertEntry
Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 236c971e2bc60d0bf97460def108c3c3
Valid from: Thu Apr 17 09:00:00 JST 1997 until: Thu Jan 08 08:59:59 JST 2004
Certificate fingerprints:
MD5: 18:87:5C:CB:F8:20:5D:24:4A:BF:19:C7:13:0E:FD:B4
SHA1: 8B:24:CD:8D:8B:58:C6:DA:72:AC:E0:97:C7:B1:E3:CE:A4:DC:3D:C6
*******************************************
*******************************************
Alias name: tomcat
Creation date: Jun 12, 2002
Entry type: trustedCertEntry
Owner: CN=www.example.com, O="Current, Inc.", OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign Japan K.K., OU=Terms of use a
t www.verisign.co.jp/RPA (c)00, L=CHIYODA-KU, ST=TOKYO, C=JP
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Valid from: Tue Apr 23 09:00:00 JST 2002 until: Thu May 08 08:59:59 JST 2003
Certificate fingerprints:
MD5: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
SHA1: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
*******************************************
*******************************************
thank you in advance for your help.
KeigoTANAKA <ke...@hde.co.jp>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>