Hi 

I am getting the following error when I try with wget:

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.


Thanks & Regards,

Prashant Shinde
Senior Consultant
Hoonar Tekwurks Consulting LLP
email: prashant.shi...@hoonartek.com | cell: +91 98220 38097 | desk: +91 20 4900 5204


-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: 11 September 2013 14:22
To: Tomcat Users List
Subject: Re: Using a P7B certificate file

James,

On 9/10/13 6:50 PM, James H. H. Lampert wrote:
> On 9/10/13 2:19 PM, Christopher Schultz wrote:
>> "P7B" is otherwise known as a PKCS#7 file and usually contains a 
>> certificate. Does the file contain *only* a certificate, or does it 
>> also contain the key that was used to generate the CSR? If you have 
>> the cert but not the key, you won't be able to use it for serving 
>> HTTPS.
>> 
>> Let's start with what you've actually got. You said you have a file. 
>> What's in the file?
> 
> Well, from what little I'd read, "A P7B file only contains 
> certificates and chain certificates, not the private key." (from
> <https://www.sslshopper.com/ssl-converter.html>)
> 
> Is there a way it *can* contain the private key as well?
> 
> At any rate, it contains the typical unintelligible block of 
> characters between "BEGIN PKCS7" and "END PKCS7" marks, 98 lines of
> 64 characters and a 99th line of 4 characters, approximately 6kb. I 
> did a bit of futzing around with it, found I could use "keychain 
> access" on my Mac to import it into an empty "keychain" file for 
> inspection, and I found that it appears to contain a root 
> certificate, an intermediate certificate, and the signed SSL 
> certificate. Looking at it with the corresponding utility on my 
> WinDoze box gives the same result. Unless you know of something else 
> that can inspect a P7B file, I'm guessing that it's just a reply to a 
> CSR, waiting to be installed in the originating keystore.

You could use OpenSSL to inspect it, but I suspect it would give you the same 
result.

Okay, great: you have a chain of certificates and could, with a bit of effort, 
convert that into a Java keystore or a PEM-encoded file for use with OpenSSL 
(and httpd, tcnative, etc.).

Without the private key, though, you aren't going to get very far. Go back to 
the client and tell them that you need that, too.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
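
The OpenSSL inspection suggested above, together with a check that a candidate private key belongs to a certificate in the P7B, as an added example that is not part of the original thread. The file names and the demo.example subject are constructed, and the bundle is assumed to be PEM-encoded (a DER file needs `-inform DER` on the `openssl pkcs7` calls).

```shell
#!/bin/sh
# Added example. File names and the demo.example subject are constructed.

# Count the certificates carried in a PEM-encoded PKCS#7 (.p7b) file.
p7b_count() {
    openssl pkcs7 -in "$1" -print_certs | grep -c 'BEGIN CERTIFICATE'
}

# Succeed only if the file holds a PEM private key block.
has_private_key() {
    grep -q 'BEGIN .*PRIVATE KEY' "$1"
}

# Succeed if the public half of KEY ($1) equals the public key of any
# certificate in the P7B ($2), i.e. the key can serve that certificate.
key_matches_p7b() {
    want=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one PEM file per certificate.
    openssl pkcs7 -in "$2" -print_certs |
        awk -v d="$tmp" '/BEGIN CERT/{n++; p=1} p{print > (d "/c" n ".pem")} /END CERT/{p=0}'
    rc=1
    for c in "$tmp"/c*.pem; do
        [ -f "$c" ] || continue
        [ "$(openssl x509 -in "$c" -noout -pubkey)" = "$want" ] && rc=0
    done
    rm -rf "$tmp"
    return "$rc"
}

# Build constructed test material in directory $1: a key, its self-signed
# certificate wrapped as bundle.p7b, and an unrelated key.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo.example' \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/server.crt" -out "$1/bundle.p7b" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d) && make_demo "$demo" && {
    echo "certificates in bundle: $(p7b_count "$demo/bundle.p7b")"
    has_private_key "$demo/bundle.p7b" || echo "bundle.p7b: no private key inside"
    key_matches_p7b "$demo/server.key" "$demo/bundle.p7b" && echo "server.key matches"
    key_matches_p7b "$demo/other.key" "$demo/bundle.p7b" || echo "other.key does not match"
}
rm -rf "$demo"
```

On a real reply from a CA, run `key_matches_p7b` with the key that generated the CSR; a mismatch means the certificate cannot be served with that key.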


