Hello Christopher, I don't have the server.key and server.crt. I have root access to the server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do? Thank you very much for your help.
On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Niranjan,
>
> On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote:
> > I think you have to create a keystore from the cert, please follow
> > these instructions and let me know.
> >
> > Create store with temporary key inside:
> >
> > keytool -genkey -alias <alias name> -keystore yourkeystore.jks -storepass Hello1
> >
> > Then delete existing entry:
> >
> > keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1
> >
> > Now you've got empty store. You can check that it's empty:
> >
> > keytool -list -keystore yourkeystore.jks -storepass Hello1
> >
> > Then import your certificate to the store:
> >
> > keytool -import -alias <alias name> -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1
>
> Nope: the existing key *and* cert need to be imported simultaneously
> into the keystore. If the OP already has a cert, he's already got a
> key, too.
>
> The problem is that you probably started with OpenSSL to generate your
> keys and stuff. Here is the proper procedure to import your key,
> certificate, and CA bundle into a Java keystore.
>
> You'll need these files:
>
> server.key (this is your server's secret key)
> server.crt (this is your server's certificate, signed by the CA)
> ca.crt (this is your CA's certificate)
>
> Here is the incantation:
>
> $ openssl pkcs12 -export -in server.crt -inkey server.key \
>     -certfile ca.crt -out keystore.p12 -chain
>
> $ $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 \
>     -srcstoretype pkcs12 \
>     -destkeystore keystore.jks
>
> Now, use keystore.jks in Tomcat's server.xml.
>
> If you already had created your key and cert request using Java's
> 'keytool', then you can instead just import the signed certificate
> into your keystore:
>
> $ $JAVA_HOME/bin/keytool -importcert -file server.crt \
>     -keystore keystore.jks \
>     -alias [alias]
>
> If you used an alias to create the certificate signing request (CSR),
> then use the same alias in the above command.
>
> -chris
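
Added example (not from the thread or the Tomcat project): a shell check that a private key actually belongs to a certificate before running the `openssl pkcs12 -export` step quoted above, since a newly generated key will not pair with an already-issued certificate. The function names and the throwaway files created in `demo` are assumptions constructed for illustration; the key is assumed to be unencrypted PEM.

```sh
#!/bin/sh
# Added example: verify key/cert pairing before building the PKCS#12 bundle.

# Return 0 if the private key ($1) and certificate ($2) carry the same
# public key, 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run the export step from the thread only when the pair is consistent.
# $1=server.key  $2=server.crt  $3=CA bundle  $4=output .p12
export_pkcs12() {
    key_matches_cert "$1" "$2" || {
        echo "refusing to export: $1 does not match $2" >&2
        return 1
    }
    openssl pkcs12 -export -in "$2" -inkey "$1" \
        -certfile "$3" -out "$4" -chain
}

# Constructed demo: a throwaway self-signed certificate and an unrelated
# freshly generated key, to show what the check reports for each.
demo() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -days 1 -keyout "$d/server.key" -out "$d/server.crt" >/dev/null 2>&1
    openssl genrsa -out "$d/new.key" 2048 >/dev/null 2>&1
    if key_matches_cert "$d/server.key" "$d/server.crt"; then
        echo "original key: matches certificate"
    fi
    if ! key_matches_cert "$d/new.key" "$d/server.crt"; then
        echo "fresh key: does NOT match certificate"
    fi
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh script.sh demo` to see both outcomes; `export_pkcs12` prompts for the export password exactly as the plain `openssl pkcs12 -export` command does.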