Hi Konstantin, Goo Sam and Mark, Thank you for responding so quickly to my post. Your articles were helpful but it didn't show me the exact procedure as how to chain certificates etc. (or I misread them)
I managed to do it using this really cool tool "KeyStore Explorer 4.0" from http://www.lazgosoftware.com/kse/index.html It has a really nice interface and really easy to use. I managed to create a Java keystore file (.jks) by importing the CA root certificate, the CA intermediate certificate and the Key pair from the .PFX file. I'll post a detailed "how to guide" tomorrow. I'm going to get some sleep now. Thanks once again. Cheers, Ian ________________________________ From: Goo Sam Kong <skgo...@gmail.com> To: Tomcat Users List <users@tomcat.apache.org> Sent: Thu, 24 June, 2010 6:44:57 AM Subject: Re: Convert a certificate from IIS (.PFX) into a (.keystore) for Apache Tomcat v 6.x Hi Ian, Take a look on this http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html. Hope it helps. On 24 June 2010 06:41, Konstantin Kolinko <knst.koli...@gmail.com> wrote: > 2010/6/24 Mark Eggers <its_toas...@yahoo.com>: > > Google is your friend? > > > > > http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/ > > > > Please note that I have not tried this. Your mileage may vary. > > > > Noticing the "PKCS #12" hint form the above page, > I can find this Sun article: > > http://java.sun.com/developer/technicalArticles/J2SE/security/#4 > "Import and Export PKCS#12 Keystores" > > > how to chain the CA's intermediate certificates > > It looks that the method described in the Sun article imports the > whole keystore, and from description of the format it looks that the > one from Jetty also does so. > > Disclaimer: I have not tried them. > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
