Is public the one returned from Versign or is it the Verisign's CA Cert? If you want try following to see if the cert exists within JDK trusted calist: Execute from jdk\jre\lib\security Directory
keytool -list -keystore cacerts -storepass changeit Jay -----Original Message----- From: Dave Wood [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 11:12 PM To: Tomcat Email List Subject: SSL/Verisign Confusion I'm having a problem getting an SSL certificate from Verisign working correctly. I'm going to include everything I can think of that MIGHT be a problem. Unfortunately, there are a couple things I can't quite remember for certain. Here's the situation: 1. I generated the initial key using an alias other than "tomcat" (we'll call it "company") 2. I generated the CSR and sent it to verisign. I still have this file. 3. Verisign changed the company name during the verification process (from an acronym to the full spelling of the name) 4. I now have the certificate that they sent back after the validation process. 5. One thing I can't account for is why when I see this: $ keytool -list Keystore type: jks Keystore provider: SUN Your keystore contains 4 entries: (...others removed...) company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry, Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really 0's) ...I think I must have self-signed or something (I was doing a couple of these things and don't recall exactly), but I'm surprised to see "trustedCertEntry" here. The problem I'm having is this: $ keytool -import -trustcacerts -alias company -file public.crt Enter keystore password: xxx keytool error: java.lang.Exception: Certificate not imported, alias <company> already exists (but I'm thinking it should be REPLACING this entry, so the fact that it exists shouldn't be a problem???) So, I have several questions: 1. Am I hosed completely because I didn't use "tomcat" as the alias? 2. How does the private key get stored exactly? I assume that if I delete the current entry for the "company" alias, I'll be losing the private key, right? 3. Can someone provide steps I should take to get this working given what I have said above. Thanks so much in advance. Sorry to be so long-winded. -Dave --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]