configuring SSL for Tomcat with .pfx

Fri, 23 Mar 2012 09:05:18 -0700 

Hi everyone,

I have been tasked with configuring SSL for Tomcat. I am new to Tomcat 
configuration so I have been through the docs and consulted many different 
articles in an attempt to figure out how all of this works.

I have been given the following (attached):

*         Thawte Primary Root CA.cer

*         Thawte SSL CA.cer

*         remedy.optinet.net_cert.pfx

My plan was to import the root cert then the intermediate cert then the .pfx by 
doing the following:


*         keytool -import -keystore tomcat.keystore2 -storepass password 
-storetype PKCS12 -file "c:\Thawte Primary Root CA.cer"

*         keytool -import -keystore tomcat.keystore2 -storepass password 
-storetype PKCS12 -file c:\Thawte SSL CA.cer

*         keytool -importkeystore -deststorepass password -destkeystore 
c:\tomcat.keystore2 -srckeystore c:\remedy.optinet.net_cert.pfx -srcstoretype 
PKCS12 -srcstorepass password

But got the following error when I started with the root cert:

D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore 
tomcat.keystore2 -storepass password -file "c:\Thawte Primary Root CA.cer"
keytool error: java.lang.Exception: Input not an X.509 certificate


Then I imported the certificates into certmgr and exported them to X.509 and 
tried again .... got the following:

D:\Program Files (x86)\Java\jdk1.6.0_19\bin>keytool -import -keystore tomcat.key
store2 -storepass password -storetype PKCS12 -file "Thawte Primary Root CA_x.cer
"
Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use
only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized us
e only", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 344ed55720d5edec49f42fce37db2b6d
Valid from: Fri Nov 17 02:00:00 CAT 2006 until: Thu Jul 17 01:59:59 CAT 2036
Certificate fingerprints:
         MD5:  8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
         SHA1: 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A   FD 31 92 1A 6A B6 F3 46  .[E....z.1..j..F
0010: EB 57 48 50                                        .WHP
]
]

Trust this certificate? [no]:  yes
keytool error: java.security.KeyStoreException: TrustedCertEntry not supported

I am struggling to get to grips with all of the components like the "alias", 
"key", "algorithm", "keystore", "certificate", etc ... and the different types 
of keystores ; different types of certificates and so many other things.

If you could assist me I would appreciate it greatly.

Regards
Melanie Snayer
BMC Remedy Product Consultant
______________________________________________________________
Blue Turtle Technologies
Tel :     +27 (0) 87 721 1874/5/6   |   Fax:  +27 (0)21 552 7764  |  Cell:  +27 
(0)82 568 6205
email:   [email protected]<mailto:[email protected]>   |   web: 
 www.blueturtle.co.za<http://www.blueturtle.co.za>

Imagination was given to us to compensate for what we are not; a sense of humor 
was given to us to console us for what we are.
- Mark McGinnis


________________________________
Blue Turtle Technologies (Pty) Limited | Reg. no.: 2003/002610/07 | 
http://www.blueturtle.co.za
Gauteng : Tel: +27 (0)11 206 5600 | Fax: +27 (0)11 206 5606 | Midridge Office 
Estate, International Business Gateway, cnr New Road & Sixth Street, Midrand, 
1685 | P O Box 31331, Kyalami, 1684
Western Cape: Tel: +27 (0)87 721 1874 | Fax: +27 (0)21 552 7764 | Unit E6, 
Century Square, Heron Crescent, Century City, Cape Town, 7446

DISCLAIMER: This email and any files transmitted with it are confidential and 
are intended solely for the use of the individual or entity to whom they are 
addressed. This communication represents the originator's personal views and 
opinions, which do not necessarily reflect those of Blue Turtle Technologies 
(Pty) Ltd. If you are not the original recipient or the person responsible for 
delivering the email to the intended recipient, be advised that you have 
received this email in error, and that any use, dissemination, forwarding, 
printing, or copying of this email is strictly prohibited. If you received this 
email in error, please immediately notify the sender. Thank you.

Reply via email to