So let me try to understand what is going on here. I generate a keystore using keytool, that contains a key. At this point it is equal to a self signed certificate, and it works, but the browser complains that there is no CA. I then need to create a certificate request ad send that off to goDaddy. What is this? a public key that matches up with the private key? Then I have to import the certificates that goDaddy returns to me because that validates the private key that is already in the keystore?
On Fri, Apr 4, 2014 at 4:46 PM, Mark Thomas <ma...@apache.org> wrote: > On 04/04/2014 21:42, Mark Murphy wrote: > > I saw something on StackOverflow that said the key type in the keystore > > needs to be PrivateKeyEntry and not trustedCertEntry. Is this true? When > I > > look at my keystore, it is trustedCertEntry for all the certs. > > > > But when I look at the type for the self signed certificate (which > works), > > it shows keyEntry. > > > > Does, or should this matter? and if so, how do I change the type? > > Yes, this matters a lot. > > You must import the cert you receive from the CA into the same keystore > you used to generate the CSR since that is where the private key is and > the server has to have access to the private key. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >