-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Liav,
On 11/14/2009 4:32 AM, Liav Ezer wrote: > The section about importing a certificate issued by a CA begins with: > > Download a Chain Certificate from the Certificate Authority you obtained the > Certificate from. [snip] > What is a Chain Certificate? What do i do with it? What product does it > produce (which file type)? A "chain certificate" is a certificate that goes into a chain of certificates that all trust each other. If "a -> b" means "a trusts b", then you have something like this (VeriSign is only used as an example): Tomcat -> VeriSign master cert VeriSign master cert -> VeriSign signing certs VeriSign signing cert -> VeriSign's XYZ signing cert VeriSign's XYZ cert -> your cert Often, Tomcat only trusts the "master cert" of any given certificate authority (CA), and so you have to provide the entire "chain of trust" by importing not only /your/ certificate, but also the two certs (in my example) that are in the chain of trust between yours and the master cert. > Also, I might need to skip this stage since i already have a certificate at > hand (.cer) as Christofer implied in the previouse thread. Your earlier message didn't say that you had anyone else's certificates. The process is easy: 1. Import your own certificate into the keystore file you want to use 2. Import any other chain certs into the keystore file you want to use 3. Point Tomcat at that keystore file > AnyWay - i'm stuck with 4 different files which appearantly look like a > finalized & ready to launch certificate but i don't know how to configure > the connector attributes in order to support it. Once you have the keystore file ready with all your stuff, just set keystoreFile="/path/to/your/keystore/file" and keystorePass="password-to-keystore-file" and you should be good to go. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksAGLcACgkQ9CaO5/Lv0PBSCgCdErMyiEYsRoNk6hN6QvgYX4i8 /sAAnjV6JTXRuepN7ssZVENzGNMK7h6W =OLaF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
