After jumping through multiple loops to get SSL working on tomcat, I see light at the end of the tunnel.
I got a signed certificate from verisign, which I need to import into tomcat, and when I tried to install the certifcate using keytool, with the following command:
keytool -alias secure -keystore secure.jks -import secure.csr
I get the above error.
After I did a Google with the above error, I was forwarded to the below link:
http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs6765
The article talks about the fact that "JDK keystore is very particular about the format of the Certificate." The keystore expects the format to be in PKCS#7 format.
Now to get a PKCS certificate, easiest approach is as follows:
1) On a Windoz box, install the ".cer" file, by double clicking on it.
2) Next open MMC, by typing the same in the Windoz-Run.
3) Depending on whether U have the snap in the console, add the Certificates Snap-In into the MMC.
4) Once the Snap-in is installed , look for the cer file u just installed.
5) Right click on the certifcate, choose All tasks, Export.
6) Step through the Wizard choosin in the Export File Format "Cryptographic Message Syntax Standard-PKCS#7 Certificates".
7) Save it to your hard drive.
8) Now the run the same keytool command with filename to import, the exported PKCS file
keytool -alias secure -keystore secure.jks -import
9) Restart your tomcat, or make necessary changes to point to the right keystore, and
it should work.
No comments:
Post a Comment