Should be something like this to remove expired certs
keytool -delete -alias verisignclass2ca -keystore cacerts -storepass changeit
keytool -delete -alias verisignclass3ca -keystore cacerts -storepass changeit
keytool -delete -alias verisignclass4ca -keystore cacerts -storepass changeit

Verisign appear to recommend that you remove the class1 cert too.
keytool -delete -alias verisignclass1ca -keystore cacerts -storepass changeit

Download new certs to {JAVA_HOME}\jre\lib\security directory from
http://www.verisign.com/support/roots.html

Extract PCA1ss_v4.509, PCA2ss_v4.509, PCA3ss_v4.509 to the same directory
Then import them using
keytool -import -alias verisignclass1ca -keystore cacerts -storepass changeit -file PCA1ss_v4.509
keytool -import -alias verisignclass2ca -keystore cacerts -storepass changeit -file PCA2ss_v4.509
keytool -import -alias verisignclass3ca -keystore cacerts -storepass changeit -file PCA3ss_v4.509

Verisign also recommend importing the G2 and G3 certs.
Extract relevant files from zip. Use import as above, remembering to give each
cert a unique (sensible) alias.

There is also at least one other thread on tomcat-user about this. Might be worth
a look in the archives.

Mark

-----Original Message-----
From: Tea, Justin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 14, 2004 11:47 PM
To: Tomcat Users List
Subject: RE: New to tomcat

Thanks!  That works.  Sure enough, it expired 1/7.

Now, how do I get the Verisign intermediate cert in there?

<snip>

Try this in your {JAVA_HOME}\jre\lib\security directory
keytool -list -v -keystore cacerts 

You'll need to enter your keystore password. This is changeit by default
unless someone had the good sense to do the obvious.

This will give a long list of the certificates including the validity
dates.

Mark

-----Original Message-----
From: Tea, Justin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 14, 2004 10:56 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: New to tomcat

Hi,
I'm new to Tomcat, Apache and JDK world (three things I noticed are
loaded on our server).  Our custom apps broke around the time Verisign
cert expired.  How can I tell whether this is indeed the case?  

Keytool?  If so, what's the exact parameter?


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
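
Added example (not part of the original thread): a Python script that picks the expired and soon-to-expire aliases out of the text printed by keytool -list -v -keystore cacerts, instead of reading the validity dates by eye. The sample listing, its aliases and the function names are constructed for illustration; it assumes keytool's English date format and ignores the time-zone field.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
ALIAS_RE = re.compile(r"^Alias name:\s*(.+?)\s*$")
UNTIL_RE = re.compile(  # matches "... until: Wed Jan 07 23:59:59 GMT 2004"
    r"until:\s*\w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) \S+ (\d{4})")

# Constructed sample of `keytool -list -v` output (aliases and owners are made up).
SAMPLE = """\
Alias name: demo-old-root
Owner: CN=Demo Old Root, O=Example
Valid from: Mon Jan 29 00:00:00 GMT 1996 until: Wed Jan 07 23:59:59 GMT 2004

Alias name: demo-soon-root
Owner: CN=Demo Soon Root, O=Example
Valid from: Tue Feb 01 00:00:00 GMT 2000 until: Sun Feb 01 00:00:00 GMT 2004

Alias name: demo-current-root
Owner: CN=Demo Current Root, O=Example
Valid from: Tue Aug 01 00:00:00 GMT 2000 until: Tue Aug 01 23:59:59 GMT 2028
"""

def parse_validity(listing):
    """Return [(alias, not_after)] per entry; the time-zone field is ignored (assumption)."""
    entries, alias = [], None
    for line in listing.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            alias = m.group(1)
            continue
        m = UNTIL_RE.search(line)
        if m and alias is not None:  # only the first validity line after an alias
            mon, day, hh, mi, ss, year = m.groups()
            entries.append((alias, datetime(int(year), MONTHS[mon], int(day),
                                            int(hh), int(mi), int(ss))))
            alias = None
    return entries

def check(listing, now, warn_days=30):
    """Return (expired, expiring_soon) alias lists relative to `now`."""
    expired, soon = [], []
    for alias, not_after in parse_validity(listing):
        if not_after < now:
            expired.append(alias)
        elif (not_after - now).days <= warn_days:
            soon.append(alias)
    return expired, soon
```

To use it on a real keystore, save the keytool listing to a file and pass its contents to check() together with datetime.now().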



