keytool -genkey -keyalg RSA -alias tomcat -keystore </path/to/.keystore>
password is "changeit"
then
keytool -certreq -keyalg RSA -alias tomcat -keystore </path/to/.keystore> -file </path/to/certwhatever.csr>
then once you receive the cert back from VERISIGN...
IF it's the first cert this server has had, you'll need to download a chaincert from the following locations depending on who you purchase the cert from:
For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html
For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server
For Thawte.com go to: http://www.thawte.com/certs/trustmap.html
Import the Chain Certificate into your keystore
keytool -import -alias root -keystore </path/to/.keystore> -trustcacerts -file </path/to/filename_of_the_chain_certificate>
And finally import your new Certificate (It must be in X509 format):
keytool -import -alias tomcat -keystore </path/to/.keystore> -trustcacerts -file </path/to/your_certificate_filename>
Jeff -jrj
Mark Thomas wrote:
Bruce,
Sorry. Don't know. I have only ever got it working using RSA. However, when I did this I got so many things wrong the first 20 or so times I tried it, it could have been anything stopping it working.
Mark
Bruce Perryman wrote:
Thanks,
It worked, the only problem is that we failed to specify the RSA algorithm.
Are we screwed for using DSA?
--- Mark Thomas <[EMAIL PROTECTED]> wrote:
The following steps should work (although I have only ever done this using my own CA).
1. Create tomcat key in your own keystore
2. Create CSR
3. Submit CSR
4. Get response
5. Import CA's root cert to cacerts (%JAVA_HOME%\jre\lib\security\cacerts)
6. Import new cert to same keystore as 1 (use same alias & trustcacerts option)
7. Restart Tomcat
HTH
Mark
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
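The procedure discussed in this thread (Jeff's keytool commands and Mark's steps 1 to 6), as an added example that is not part of any of the original messages: it runs without prompts against a throwaway local CA that stands in for the commercial CA, then reports the certificate chain length of the `tomcat` entry. The `kt` and `demo_chain_length` names, the password, the DNs and the temporary file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: key pair -> CSR -> CA reply -> import, with no prompts.
# PASS, the DNs and all file names are constructed for this demo only;
# a password passed via -storepass is visible in the process list.
PASS=demo-only-pass

kt() { keytool "$@" >/dev/null 2>&1; }   # hypothetical quiet wrapper

demo_chain_length() {
    dir=$(mktemp -d) || return 1
    ks="$dir/tomcat.keystore"; caks="$dir/ca.keystore"

    # Throwaway local CA standing in for the commercial CA.
    kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Demo Root CA" -ext bc:c \
        -keystore "$caks" -storepass "$PASS" -keypass "$PASS" || return 1
    kt -exportcert -rfc -alias ca -keystore "$caks" -storepass "$PASS" \
        -file "$dir/ca.pem" || return 1

    # 1. Server key pair; -keyalg RSA is stated explicitly.
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -dname "CN=www.example.test" \
        -keystore "$ks" -storepass "$PASS" -keypass "$PASS" || return 1
    # 2. CSR for the same alias.
    kt -certreq -alias tomcat -keystore "$ks" -storepass "$PASS" \
        -file "$dir/tomcat.csr" || return 1
    # 3-4. The CA signs the CSR (the step the commercial CA performs).
    kt -gencert -rfc -alias ca -keystore "$caks" -storepass "$PASS" \
        -validity 30 -infile "$dir/tomcat.csr" -outfile "$dir/tomcat.pem" \
        || return 1
    # 5. Trust the CA certificate in the server keystore.
    kt -importcert -noprompt -trustcacerts -alias root \
        -keystore "$ks" -storepass "$PASS" -file "$dir/ca.pem" || return 1
    # 6. Import the reply under the SAME alias as the key pair.
    kt -importcert -noprompt -trustcacerts -alias tomcat \
        -keystore "$ks" -storepass "$PASS" -file "$dir/tomcat.pem" || return 1

    # A correctly installed reply yields a chain of 2 (server + CA).
    len=$(keytool -list -v -alias tomcat -keystore "$ks" -storepass "$PASS" \
        2>/dev/null | sed -n 's/^Certificate chain length: //p')
    rm -rf "$dir"
    printf '%s\n' "$len"
}
```

A result of 1 means the alias still holds only the self-signed certificate from step 1, i.e. the CA reply was not installed under that alias.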