I want to make sure we're on the same page here. I have a certificate that looks like this...
-----BEGIN CERTIFICATE----- MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC blablablabla /WeCY0ZzyRYuHhQYIm3R+A== -----END CERTIFICATE----- I copied it to a plain text file called domain.cert and then ran this command and received this below error... [EMAIL PROTECTED] root# /usr/java/bin/keytool -import -file domain.cert -storetype pkcs12 keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big. Am I doing this right? Thanks, Chris > I saw your original post but forgot to reply ... > > You can use keytool to import the certificate using pkcs12 certificate > store (add a '-storetype pkcs12' to keytool's arguments), which is > supported by tomcat. > > Also, if your certificate is signed by an intermediate CA (meaning more > than 2 certs on the chain), you will have to give each cert an alias > name when you export it from openssl, otherwise the keytool won't > recognize the chain. This really took me a while to figure out ... > > HTH, > > Dennis > > On 5/25/2004 12:30 PM, Chris Purcell wrote: >> Thanks for the link Jim, I'm just getting around to this certificate >> now, I got swamped with some extra work that I had to complete first. >> I looked at the link you sent, but there is a small problem, I don't >> know anything about Java:) What do I do with the source code given on >> the page? Should I copy it into a text file and run it with the java >> command? The only programming language I'm familiar with is Perl. >> >> Thanks, >> Chris >> >> >> >>> Hi Chris- >>> >>> I had to do this myself a month ago. >>> >>> You can't use Sun's keytool to import private keys into keystores. >>> You'll need to use something else to load the private key and >>> corresponding cert into a keystore which Tomcat can then read. >>> >>> See the program and notes at http://www.comu.de/docs/tomcat_ssl.htm - >>> it >>> >>> will explain how to use openssl to convert an existing private key >>> and >>> >>> cert into a format that can then be loaded (using source code they >>> provide) into a Java JKS keystore. >>> >>> Let me know if you need more details. >>> >>> -Jim >>> >>> Chris Purcell wrote: >>> >>>> I have an Apache server with an SSL certificate installed from a CA. >>>> Its just a plain text certificate that looks like this.. >>>> >>>> -----BEGIN CERTIFICATE----- >>>> MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC >>>> blablablba >>>> /WeCY0ZzyRYuHhQYIm3R+A== >>>> -----END CERTIFICATE----- >>>> >>>> I want to move this certificate to a new server that only runs >>>> Tomcat in standalone mode. I tried to convert it like this (below) >>>> but am getting an error... >>>> >>>> [EMAIL PROTECTED] cert# openssl pkcs12 -export -inkey host-privkey.pem -in >>>> server.cert -out host.foo.org.pfx >>>> [EMAIL PROTECTED] cert# /usr/java/bin/keytool -import -file >>>> host.foo.org.pfx Enter keystore password: changeit >>>> keytool error: java.lang.Exception: Input not an X.509 certificate >>>> >>>> Am I doing something wrong here? >>>> >>>> Thanks, >>>> Chris >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] For >> additional commands, e-mail: [EMAIL PROTECTED] >> > > > --------------------------------------------------------------------- To > unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
