The point was that keytool can't import an existing private key. If you need to build a keystore from an existing cert + private key, you need to do this with an external Java (or some other) program. Key and cert must be in DER format.
Example is here: http://www.agentbob.info/agentbob/79-AB.html

Alex

2008/8/28 Alex Mestiashvili <[EMAIL PROTECTED]>

> Alexey Eronko wrote:
>
>> Hello Guys!
>>
>> Don't beat me because I found so much docs about ssl and keystore but I
>> can't get it working together.
>>
>> I have pem cert, rsa_key and ca cert from my own CA. I don't understand what
>> kind of cert I need in the keystore to make it work on tomcat.
>>
>> I tried
>>
>> keytool -import -alias tomcat -trustcacerts -file myserver.pem -keystore keystore.jks
>>
>> And I got an error in tomcat:
>>
>> java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>>     at java.lang.Thread.run(Thread.java:619)
>> Aug 27, 2008 5:56:28 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
>> SEVERE: Socket accept failed
>>
>> I thought that I need to import the rsa key also, I tried:
>>
>> keytool -import -alias tomcat3 -keyalg RSA -file key -trustcacerts -keystore .keystore
>>
>> I got:
>>
>> keytool error: java.lang.Exception: Input not an X.509 certificate
>>
>> I've already lost 5 hours to solve this problem, could you please assist me.
>>
>> Thanks a lot
>>
>> Alex
>
> AFAIK java uses DER format for keystore
>
> so, you have to convert .pem to .der
>
> openssl x509 -in cacert.pem -inform PEM -out cacert.der -outform DER
>
> keytool -import -alias tomcat -keystore /usr/java/jdk1.6.0_04/jre/lib/security/cacerts -file cacert.der
>
> Alex