On 17/11/2011 15:26, rosiere wrote:
>
> Hello,
>
> Thanks for your suggestions.
> I displayd my keystore file with keytool:
> keytool -list -v -keystore $myKeystoreFile > keystoreManifest.txt
>
>
> There are 4 entries in my keystore file.
> But only one entry contains a field named "Certificate chain length".
>
> The other 3 entries, as certificates from our CA, contain a field
> "Certificate fingerprint"
> (or "Empreinte du certificat" in French because my Linux distribution that
> supports my JDK and Tomcat was installed in French)
>
> # intermediate certificate
> alias: inter
> entry type: trustedCertEntry
> issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
>
> # root certificate
> alias: root
> entry type: trustedCertEntr
> issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
>
>
> # our private key
> alias : tomcat
> entry type: {0} //this is exactly what I see on the prompt, not a variable
> of my own writing.
> certificate chain length: 1
> issuer: $ourDN
>
>
> alias : $myAlias
> entry type: trustedCertEntry
> issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
>
>
> My colleagues concluded that all the necessary certificates were imported,
> but none was actually used by Tomcat.
Wrong.
When you imported your new certificate, you should have specified
"tomcat" as the alias rather than "$myAlias".
I suggest you take some backups of your key stores in case you mess
things up and then try again.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
