Hi,

Just an update of my progress. I managed to create a pkcs12 keystore from my certificate and the private key with OpenSSL.

    openssl pkcs12 -export -inkey private.key -in domain.crt -out domain.pfx -name "default"

I used the exported domain.pfx as keystore in the configuration and it worked!

I just have one follow-up question: I still haven't included the SSLCACertificateFile (ca.crt) in the keystore. And when I tried doing that with the keytool I got the following error:

    TrustedCertEntry not supported

It seems that pkcs12 keystores cannot include trusted certificates. Do I really need it to begin with?

Just tell me if I am approaching this all wrong :)

BR
John

----- Original Message -----
From: "John Riley"
To: ftpserver-dev@incubator.apache.org
Subject: Re: Implicit SSL
Date: Tue, 13 Mar 2007 02:31:10 -0500

Hi and thanks for a quick answer!

I did some research and found out what a keystore really is and I've made some progress in creating one. What I want to embed in the keystore are:

CA.crt
Domain.crt
RSA_private.key

I found out how to import the certificates with keytool to create a keystore but I have no idea how to deal with the private key. This is what I have done so far:

    keytool -import -trustcacerts -keystore .keystore -alias CA -file CA.crt
    keytool -import -trustcacerts -keystore .keystore -alias Domain -file Domain.crt

Any ideas?

BR
John

----- Original Message -----
From: "Niklas Gustavsson"
To: ftpserver-dev@incubator.apache.org
Subject: Re: Implicit SSL
Date: Mon, 12 Mar 2007 22:34:59 +0100

John Riley wrote:
> Thanks,
>
> It works a lot better now. I have one question though. I have bought an
> SSL certificate for our webserver and I want to use it with the FTP
> installation as well. From what I can tell from the configuration I need a
> keystore. Is it possible to use the certificate files and if not, how do
> I obtain a keystore?

Did you receive a p12 or pfx file with the private key? Or maybe you created it before to send your certificate request to the CA.

If you do have the P12 (or pfx) you can use that directly as your keystore. Just set the keystore type to pkcs12 and you should be done. If that doesn't work or you only got your keys in some other format, get back here and I'll try to help you.

/niklas
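
For the follow-up question at the top of this thread about ca.crt, the following is an added example and not part of the original messages: OpenSSL's `-certfile` option bundles the CA certificate into the same PKCS#12 file at export time, so no separate keytool import is needed. The CA, the host name `ftp.example.test`, the password and the helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The CA, host name and password are constructed test values.
PASS=changeit

# Create a throwaway CA (ca.crt) and a server certificate (domain.crt) signed
# by it, using the file names from the thread. $1 = working directory.
make_test_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout private.key -out domain.csr \
      -subj "/CN=ftp.example.test" 2>/dev/null &&
    openssl x509 -req -in domain.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out domain.crt -days 1 2>/dev/null )
}

# Same export command as in the thread, plus -certfile so ca.crt travels in
# the same file as part of the chain. $1 = working directory.
export_pfx() {
  ( cd "$1" &&
    openssl pkcs12 -export -inkey private.key -in domain.crt \
      -certfile ca.crt -out domain.pfx -name "default" \
      -passout "pass:$PASS" )
}

# Print how many certificates the PKCS#12 file holds. $1 = path to .pfx.
count_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Succeed only if the private key in the file belongs to the server
# certificate (compares the two public keys). $1 = path to .pfx.
key_matches_cert() {
  from_key=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$PASS" \
    2>/dev/null | openssl pkey -pubout 2>/dev/null)
  from_cert=$(openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$PASS" \
    2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the throwaway private keys are removed on exit
make_test_pki "$WORK" && export_pfx "$WORK"
echo "certificates in domain.pfx: $(count_certs "$WORK/domain.pfx")"
key_matches_cert "$WORK/domain.pfx" && echo "private key matches domain.crt"
```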