Posted to users@tomcat.apache.org by James Tolles <to...@corp.earthlink.net> on 2003/09/30 00:54:45 UTC
Can't import apache ssl key to tomcat keystore
Thanks in advance,

We are trying to import an existing apache ssl crt/key into a tomcat
keystore.

First step was to discover that the jdk1.4 / keytool does not support
importing a private key into a keystore. (Is this still true?)

Next step was to get the "importKey.jar" tool from Biocore and try that.

Two of three ssl-keys have imported correctly. The third one however seems to
get broken.

Would anyone know of a more direct way to get an existing "apache
compatible" ssl key into a tomcat keystore?

Thanks for any help..
- James

Re: Can't import apache ssl key to tomcat keystore
Posted by Bill Barker <wb...@wilshire.com>.
The Biocore utility has always worked for me.

Getting on-topic, I'm assuming that since you have an Apache cert, that you
have openssl installed. The alternative method is to use openssl to
generate a pkcs12 file, and use that as your keystore. Something like:

    openssl pkcs12 -export -chain -inkey server.key -in server.crt -name tomcat \
        -out server.p12 -CAfile ca.crt -caname root

Of course, if your server.crt is signed by Verisign (please, no flames :) or
Thawte, then you can omit the '-CAfile' and '-caname' arguments, since JSSE
already knows about the signers. Then in the Factory element (for Tomcat 4,
for Tomcat 5 it's the Connector element) set
'keystoreFile="/path/to/server.p12" keystoreType="pkcs12"'.

"James Tolles" <to...@corp.earthlink.net> wrote in message
news:003c01c386dc$ad970ab0$a70da8c0@PasLap030835...
> Thanks in advance,
>
> We are trying to import an existing apache ssl crt/key into a tomcat
> keystore.
>
> First step was to discover that the jdk1.4 / keytool does not support
> importing a private key into a keystore. (Is this still true?)
>
> Next step was to get the "importKey.jar" tool from Biocore and try that.
>
> Two of three ssl-keys have imported correctly. The third one however seems to
> get broken.
>
> Would anyone know of a more direct way to get an existing "apache
> compatible" ssl key into a tomcat keystore?
>
> Thanks for any help..
>
> - James
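
Added example (not part of the original thread, and not either poster's code): a bash wrapper around the openssl export discussed above. It first confirms that the private key belongs to the certificate, then reads the certificate back out of the finished keystore. The function names are hypothetical, the key is assumed to be an unencrypted PEM file, the keystore password is assumed to be exported as P12_PASS, and the -chain/-CAfile options are left out.

```shell
#!/usr/bin/env bash
# Added example. Assumes an unencrypted PEM private key, a PEM certificate,
# and the keystore password exported in the environment as P12_PASS.

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
    local key="$1" cert="$2" from_key from_cert
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Export key + certificate to a PKCS#12 keystore under the alias "tomcat".
# The password is read from the environment so it never appears in argv.
make_tomcat_p12() {
    local key="$1" cert="$2" out="$3"
    if ! key_matches_cert "$key" "$cert"; then
        echo "key does not match certificate: $key / $cert" >&2
        return 1
    fi
    (
        umask 077   # the keystore holds the private key: owner-only permissions
        openssl pkcs12 -export -inkey "$key" -in "$cert" -name tomcat \
            -out "$out" -passout env:P12_PASS
    )
}

# Read the certificate back out of the keystore and compare SHA-256 fingerprints.
p12_contains_cert() {
    local p12="$1" cert="$2" want got
    want=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
    got=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
            | openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ "$want" = "$got" ]
}
```

Typical use: export P12_PASS, then run make_tomcat_p12 server.key server.crt server.p12 followed by p12_contains_cert server.p12 server.crt before pointing keystoreFile at the result.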