Could you elaborate a bit more on how to move the private key from Apache to Tomcat? You would think if I have a cert from a CA then I should be able to import it into any server that uses SSL. I already have the cert; all the other parts are only things that allowed me to obtain the cert.

Thanks,
-Mark

-----Original Message-----
From: Mikhail Kruk [mailto:[EMAIL PROTECTED]
Sent: Friday, April 01, 2005 7:45 AM
To: Tomcat Users List; Hein Behrens
Subject: Re: SSL configuration question

> I thought the two are not related my key is stored in the java
> keystore. I did everything with keytool, part of java.
>
> Tomcat only needs the password and name.
>
> The SSL certificate is not generated for or by tomcat.

Getting a valid certificate is a four step process.
1) Generate private key (keytool -genkey) this puts a private key into your keystore. It's secret, hide it.
2) Generate certificate request (keytool -certreq) creates a file which contains information about you (common name, city, state etc) and the public key which corresponds to private key from step 1
3) submit the request from step 2 to the authority (Thawte, Verisign...)
4) get signed certificate from the authority and import it into the keystore (keytool -import)

For step 4 to work correctly the keystore must contain the private key from step 1. You can't generate private key in an Apache and then import corresponding certificate into Tomcat -- you must first move the private key from Apache to Tomcat.

> ----- Original Message -----
> From: "Mikhail Kruk" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, March 31, 2005 11:42 PM
> Subject: RE: SSL configuration question
>
> > > The certificate I imported was not self-signed (or should not be). It is
> > > what I received back from Entrust after submitting a CSR. It was already in
> > > use on Apache before I decided not to use Apache anymore. It worked before
> > > on Apache. I shut down apache and was intending to use the cert on only
> > > Tomcat.
> >
> > You can't easily import the certificate that was generated for Apache into
> > Tomcat -- you need to have the private key part in your keystore and your
> > private key is in your Apache.
> > There must be a way to get the key from
> > Apache and move it to Tomcat, but I'm not sure what it is.
> > This might help:
> > http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694
> >
> > > Thanks,
> > > -Mark
> > >
> > > -----Original Message-----
> > > From: Sasisekar S Sundaram [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, March 31, 2005 2:43 PM
> > > To: Tomcat Users List
> > > Subject: Re: SSL configuration question
> > >
> > > It shows both "issued to" and "issue by" because it is a self signed
> > > certificate. When you get your certificate authorized by some one like
> > > verisign, and then import that certificate into your keystore, you'll get
> > > "issued by" as that certifying authority's name.
> > >
> > > ----- Original Message -----
> > > From: "Faine, Mark" <[EMAIL PROTECTED]>
> > > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > > Sent: Thursday, March 31, 2005 1:13 PM
> > > Subject: RE: SSL configuration question
> > >
> > > > Thanks, I tried that before and got a permission error, but it works now.
> > > >
> > > > -Mark
> > > >
> > > > -----Original Message-----
> > > > From: Hein Behrens [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, March 31, 2005 12:41 PM
> > > > To: Tomcat Users List
> > > > Subject: Re: SSL configuration question
> > > >
> > > > Answer to number 2 is edit your server.xml change 8443 to 443 in the ssl
> > > > section also check that the normal port redirects to 443.
> > > >
> > > > Where you see 8443 change to 443.
> > > >
> > > > 2 changes in your server.xml.
> > > >
> > > > ----- Original Message -----
> > > > From: "Faine, Mark" <[EMAIL PROTECTED]>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Thursday, March 31, 2005 7:44 PM
> > > > Subject: SSL configuration question
> > > >
> > > > > Solaris 8, Tomcat 5.0.28
> > > > >
> > > > > I've configured my tomcat installation with my SSL key from Entrust and it
> > > > > is working (sort of).
> > > > >
> > > > > 1. It is not correctly configured. It shows my organization as both
> > > > > "issued to" and "issue by" when I view the certificate information. Could
> > > > > someone explain what I have done wrong and how to correct it.
> > > > >
> > > > > 2. It must be run on port 8443 because I need to run it as a user other
> > > > > than root. How can I bypass this limitation and run it on the standard 443
> > > > > port?
> > > > >
> > > > > Thanks,
> > > > > -Mark
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
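
Added example (not part of the original thread): one common way to carry an Apache mod_ssl private key and its CA-issued certificate over to Tomcat is to check that the two belong together and bundle them into a PKCS#12 file with openssl. The file names, the alias `tomcat` and the `P12_PASS` variable are assumptions, the key is assumed to be stored unencrypted, and `make_test_pair` only builds a throwaway self-signed pair to try the functions on.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed inputs: PEM certificate and PEM
# private key as used by Apache mod_ssl; keystore password exported in P12_PASS.

# Succeeds only if the certificate carries the public key derived from the
# private key, i.e. the cert was issued for a CSR made from this key.
key_matches_cert() {                 # $1 = cert.pem  $2 = key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Bundle key + cert (+ optional CA chain file) into a PKCS#12 keystore.
make_tomcat_p12() {                  # $1 cert  $2 key  $3 out.p12  [$4 chain.pem]
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 2; }
    key_matches_cert "$1" "$2" || {
        echo "refusing: $1 was not issued for $2" >&2
        return 1
    }
    # umask keeps the new file, which contains the private key, owner-only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" \
          ${4:+-certfile} ${4:+"$4"} \
          -name tomcat -out "$3" -passout env:P12_PASS )
}

# Constructed sample input: throwaway self-signed pair in $1.key / $1.crt.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=tomcat.example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Tomcat side, in the server.xml SSL <Connector>:
#   keystoreFile="/path/to/server.p12" keystoreType="PKCS12" keystorePass="..."
# or, on Java 6 and later, convert the bundle to a JKS keystore:
#   keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 \
#           -destkeystore keystore.jks
```

Passing the password with `env:` keeps it out of the process list; remove or lock down the original PEM key once Tomcat is serving from the new keystore.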