On 9/15/2004 6:04 AM, SH Solutions wrote:
I want to install SSL to my tomcat server. I do have a signed ceritificate as .key, .csr and .crt files. How do I get tomcat to use these?
I'd assume those files are in PEM format. Then you can use openssl to convert the .key and .crt files to PKCS12 format (usually .p12 or .pfx), which is the other keystore format java recognizes besides its proprietary JKS format.
But, there's a catch. If your cert is not signed by a root CA but by an intermediate CA, you'll need to include the whole certification chain as well in the converted keystore. Not only that, you will need to give each of the certificate a name (alias in keytool's term) when doing the conversion and they need to be in a particular order (from bottom - your cert - to top, IIRC), otherwise, the chain wouldn't be recognized by java. So, as long as you can see the chain from 'keytool -list' command, you're set.
HTH,
-- Dennis Dai [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
