-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Niranjan,
On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote:
> I think you have create a keystore from the cert, please follow
> these instruction and ket me know.
>
> Create store with temporary key inside:
>
> keytool -genkey -alias <alias name> -keystore yourkeystore.jks
> -storepass Hello1 Then delete existing entry:
>
> keytool -delete -alias temp -keystore yourkeystore.jks -storepass
> Hello1 Now you've got empty store. You can check that it's empty:
>
> keytool -list -keystore yourkeystore.jks -storepass Hello1 Then
> import your certificate to the store:
>
> keytool -import -alias <alias name> -file cert_file.crt -keypass
keypass
> -keystore yourkeystore.jks -storepass Hello1
Nope: the existing key *and* cert need to be imported simultaneously
into the keystore. If the OP already has a cert, he's already got a
key, too.
The problem is that you probably started with OpenSSL to generate your
keys and stuff. Here is the proper procedure to import your key,
certificate, and CA bundle into a Java keystore.
You'll need these files:
server.key (this is your server's secret key)
server.crt (this is your server's certificate, signed by the CA)
ca.crt (this is your CA's certificate)
Here is the incantation:
$ openssl pkcs12 -export -in server.crt -inkey server.key \
-certfile ca.crt -out keystore.p12 -chain
$ $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 \
-srcstoretype pkcs12 \
-destkeystore keystore.jks
Now, use keystore.jks in Tomcat's server.xml.
If you already had created your key and cert request using Java's
'keytool', then you can instead just import the signed certificate
into your keystore:
$ $JAVA_HOME/bin/keytool -importcert -file server.crt \
-keystore keystore.jks \
-alias [alias]
If you used an alias to create the certificate signing request (CSR),
then use the same alias in the above command.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJUc32WAAoJEBzwKT+lPKRYn5UP/RynvOjSw2UlMn4wwPlvWIQC
EiyfUjHaSK3YSCniGK9yiDuwEshXjAE88aEFptmnhcgZnJpJ1o0ybbdw5xZLk+Vv
68XDqnuD1klYsmufnDKETKTEpQk4aMke8jHUdbLtx4/TtK0aKZirEKzmDrXFlBDI
YvEdlBvhH494Q/fvm0ARBdV1I8nwSt33DQ8WPcAMNVdgJzla7BcgAqupkBiMCpD4
49BDOyDZmiulFzL0Co6d2bEx/yWHECx1Zu/gfH6NXjeJ/UgZNkn9aABS8RsO+sa5
Oq/AJvXTgcKGUUQpBPOVcmhOrjgG9jYyMd9TfYZHllNQDqbBL7MgpkmXiSEGusAg
zvsfiksWEhDj4xremuQHVstCV4FZYqyLKjfBbiYABfZ50mOoYgF4J+sN97/CVo8F
pp29hiDN7YnqPCJzlWFi0DRPOFjJX2CFXyzoxkDvx/5gXhn8ZoPwU7i6gGxmcMg1
52xPXjEPBbf/q+MbwxUfRRBvNTzXB+b3hU5aN5HHpflqxodasNod+kW7VWnZZZI/
aCq5kKdXX7VQFfsEtWJnPYDe2yCj/KHzLCDAJMJA8iLpMUrN1Xb8jEOOe0vq5h60
vFUiFMrEyWOv7BPVszsnDx1EO8tDpDZS766/AigtYxGJzAF0DS8wNX9awCGYknxB
zSoDIu3mfw1r3546epjF
=IeMh
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
