RE: Cert Renewal issue + CAcert.org
Use the same tool from the JDK, keytool.exe. Your response should be nothing more than a certificate, the private key that is associated to that certificate had an alias , which you to specify during the import process. Sent from my Windows Phone From: ZicoSent: Monday, May 16, 2011 11:40 AMTo: openssl-users@openssl.orgSubject: Re: Cert Renewal issue + CAcert.org > On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro >wrote: > >> 4. import response into the keystore >> > > > Thanks Eduardo for your nice and very very effective email. But, I am having > problem with this number 4. What I need to do here actually? Do i need to > install this? Or.. do I need to "replace ( just rename the old one with the > new one) it" and do some configuration in tomcat ? > > What do you say? > > -- > Best, > Zico __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Cert Renewal issue + CAcert.org
On Mon, May 16, 2011 at 9:08 PM, Eduardo Navarro wrote: > 4. import response into the keystore > Thanks Eduardo for your nice and very very effective email. But, I am having problem with this number 4. What I need to do here actually? Do i need to install this? Or.. do I need to "replace ( just rename the old one with the new one) it" and do some configuration in tomcat ? What do you say? -- Best, Zico
Re: Cert Renewal issue + CAcert.org
Java has tools to create the key pairs and the CSR; you are not required to do this with OpenSSL. I provided some links below that have some commands. https://www.digicert.com/easy-csr/keytool.htm http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/ In the end the process is similar to: 1. Create keystore and create new CSR within it. 2. Send CSR 3. Get back the response 4. import response into the keystore As for Apache/Tomcat, that I have no direct experience doing, but it should be no more than adding a module and making a few config tweaks. Thanks, -Eduardo From: Zico Sent: Monday, May 16, 2011 10:16 AM To: openssl-users@openssl.org Subject: Cert Renewal issue + CAcert.org I am learning various sites and blogs to make it clear, but, it's yet unclear to me! I think, you may help me if you want and that will be a big favor for me. What I am trying to do is: I am trying to "renew cert" of one server which was certified by CAcert.org. What I am trying to follow is: 1. Generate Private key: with openssl genrsa -des3 -out myserv.key 2048 2. Remove passphrase from key: 3. Generate CSR: with openssl req -new -key myserv.key -out myserv.csr 4. Submit this csr into 3rd party 5. get the certificate and SAVE IT AS MYSERV.CRT ( am I correct here? ) 6. Concatenation CRT+PRIVATE KEY and SAVE THE CONCATENATION AS PEM FORMAT 7. RE-ENCODE PEM INTO PKCS12 8. Create JKS 9. Now what? how can I install JKS for tomcat and apache? what do you suggest me to do? any link? Can you please help me regarding this? -- Best, Zico
