The following steps should work (although I have only ever done this using my own CA).

1. Create tomcat key in your own keystore
2. Create CSR
3. Submit CSR
4. Get response
5. Import CA's root cert to cacerts (%JAVA_HOME%\jre\lib\security\cacerts)
6. Import new cert to same keystore as 1 (use same alias & trustcacerts option)
7. Restart Tomcat


HTH

Mark

Bruce Perryman wrote:
Thanks for responding!

Yes, I do have a backup, but I should have mentioned
that there were several attempts to get this working.
One of the first attempts omitted step #5, but I had
the same result.
I used step #5 in an attempt to remove the old and
then insert the new. But that didn't work either.

One other thing that I noticed is that my previous
(expired) keystore had 2 certs in it one was a root
trusted cert entry and the tomcat key entry.

This time, in one of my initial attempts, the tomcat
alias was the only entry and it was the trusted cert
entry.

Does this have anything to do with the problem?
--- Mark Thomas <[EMAIL PROTECTED]> wrote:

Bruce,

You should not have done step 5. This deleted your
private key. I hope you have a backup ;)


Mark

Bruce Perryman wrote:

Hello,

I'm using TC 5.0.19 and j2sdk1.4.2_04 on RedHat 9.

My SSL certificate expired and I received a new one
but haven't been able to get the new one to work.

Here are the steps that I used to get the certificate
and import it into my keystore:

[1] keytool -genkey -alias tomcat
    -keyalg RSA -keystore .keystore
[2] keytool -certreq -alias tomcat
    -keystore .keystore -file tomcat.csr
[3] Submit tomcat.csr to Entrust and then
    retrieve entrust_ssl_ca.cer  (We used
    cut and paste, not file download.)
[4] shut down Tomcat
[5] keytool -delete -alias tomcat
     -keystore .keystore
[6] keytool import -trustcacerts
    -alias tomcat -file entrust_ssl_ca.cer
    -keystore .keystore
[7] restart tomcat
Instead of [6], we also tried:
[6a] keytool import -alias tomcat
     -file entrust_ssl_ca.cer -keystore .keystore

When I restart Tomcat and view my page, I get the
message that the page cannot be displayed.

In my catalina.out file, I see the following severe
error msg:

Endpoint [SSL: ServerSocket[addr=     ]] ignored
exception: java.net.SocketException: SSL handshake
errorjavax.net.ssl.SSLException: No available
certificate corresponds to the SSL cipher suites which
are enabled.

Does anyone know what I'm doing wrong? I don't have
the exact steps that I performed with my previous
certificate, but the above steps are what I used for
the newly issued certificate.

Thanks, in advance, for your help.



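Added example, not part of the thread or of Tomcat: a small shell check that reads `keytool -list` output and reports whether the `tomcat` alias still holds a private key or has become a bare trusted certificate, the state described above after `-delete` followed by an import. The two listings, the `entrust_root` alias, the dates and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.

# entry_type ALIAS -- reads a keytool listing on stdin; prints key | cert | missing.
# JDK 1.4 labels private-key entries "keyEntry"; later JDKs print "PrivateKeyEntry".
entry_type() {
    awk -F', *' -v want="$1" '
        tolower($1) == tolower(want) {
            if ($0 ~ /keyEntry|PrivateKeyEntry/) kind = "key"
            else if ($0 ~ /trustedCertEntry/)    kind = "cert"
        }
        END { print (kind == "" ? "missing" : kind) }'
}

# tls_ready ALIAS -- succeeds only if the alias holds a private key, which
# the server needs in order to present a certificate during the handshake.
tls_ready() {
    case "$(entry_type "$1")" in
        key)  echo "OK: '$1' is a key entry; the CA reply can be imported onto it"
              return 0 ;;
        cert) echo "FAIL: '$1' is only a trusted certificate; the private key is gone"
              return 1 ;;
        *)    echo "FAIL: alias '$1' not found"
              return 2 ;;
    esac
}

# Constructed listing: alias deleted, then the CA reply imported under the same name.
BROKEN_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jun 1, 2004, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

# Constructed listing: key pair kept, root certificate held under its own alias.
GOOD_LISTING='Your keystore contains 2 entries

entrust_root, Jun 1, 2004, trustedCertEntry,
Certificate fingerprint (MD5): <constructed placeholder>
tomcat, Jun 1, 2004, keyEntry,
Certificate fingerprint (MD5): <constructed placeholder>'

printf '%s\n' "$BROKEN_LISTING" | tls_ready tomcat || true
printf '%s\n' "$GOOD_LISTING"   | tls_ready tomcat || true
# Against a real keystore: keytool -list -keystore .keystore | tls_ready tomcat
```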