Hi Marvin,
Marvin Addison <marvin.addi...@gmail.com> schrieb:
>> There is some "junk" ("bag attributes")n the file that I don't'
>understand. I am used to just seeing "-----BEGIN CERTIFICATE-----
>"----END CERTIFICATE----- "" ""-----BEGIN RSA PRIVATE KEY-----
>"-----END RSA PRIVATE KEY----- "
>
>As far as I know, keytool can only import certificates in PKCS8
>format. The "junk" you mentioned may indicate the key is in SSLeay
>format. You can use OpenSSL to convert from one format to another.
>That said, I'm not aware of _any_ method to import a keypair into a
>keystore using keytool; the private key is inaccessible (with respect
>to import and export) by design.
I think that restriction is gone. At least my sun jdk 6u12 keytool can import
complete pkcs12 files into my Java keystores without a problem. Export works,
too.
And u12 is really old now.
Regards
Felix
>
>You should probably determine whether you actually need the private
>key before proceeding. Sounds like you're doing SSL offloading, but
>that shouldn't necessarily require using the same keypair on both the
>LB and endpoint.
>
>M
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
