Thanks for your response,

No, I don't know any of these things.  This is why I am so confused!!   

My JAVA folder has 3 different locations which contain the command "KEYTOOL"

I don't even know which of them is supposed to hold the certificate.

Yesterday, just to be on the safe side, I imported my certificate into ALL 3 
locations (under 3 different aliases)

Still did not work.

Then I found yet another command online which says that it's not enough to 
import the certificate into the keystore.  It needs to be imported directly into 
the CACERT file.

But, it does not say HOW this should be done!!


To make matters even worse, I found yet another "advice" in Tomcat's 
documentation, saying: before importing the certificate, you need to first 
import a so-called TRUST CHAIN.

In some places, it says you need this trust chain if the certificate was 
applied for by yourself. 

In some places, it does not mention the trust chain at all, if you already 
trust the certificate.


So, what exactly is the CORRECT way to do this?

And what is the right command???


Is it:

    keytool -import -file tomcatCert.crt -trustcacerts -alias tomcat -keystore c:/apps/jdk/jre/lib/security/cacerts -storepass changeit

or is it:

    keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>

or:

    keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

or:

    keytool -importcert -alias abc -file ABCCA.cer



Which is it ???

And what is the difference between KEYSTORE and CACERT ????


I am just so confused!!







> Date: Wed, 18 Nov 2009 15:00:17 -0500
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Importing CERTIFICATE  into Java Keystore
> 
> Stephen,
> 
> On 11/18/2009 3:26 AM, Stephen . wrote:
> 
> >  keytool -importcert -alias abc -file ABCCA.cer     (where "abc" is the alias)
> 
> You need to make sure that the keystore file you used to import the
> certificate is also the keystore used by the LDAP resource.
> 
> Do you know which keystore you imported your cert into?
> Do you know what keystore is being used by the LDAP resource?
> 
> -chris