This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Problems with SSL, certification import problems. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Problems with SSL, certification import problems." Watch "Problems with SSL, certification import problems." New topic

Problems with SSL, certification import problems.

Juan Antonio Gomez Moriano

Joined: Oct 27, 2007
Posts: 3
Hello there.

I have to deploy a java application under tomcat. I need to have ssl on the server. In fact, the ssl is working properly, the problem is that once i have received the new certificate from a CA (verisign in my case), i am having problems in order to import thar certificate into my keystore.

Yes, i have already google it, but most of the post i have found speak about tomcat misconfiguration, which is not my case, ssl works fine, but onl with the certificate i have created (and, of course, that is not a *secure* certificate, as long as it has not been issued by a CA)

First of all, information :
-All runs under Java 1.4.2
-GNU/Linux system
-Tomcat 5.5
-By now, Tomcat is run by root

Now, i describe the problem:

I created my keystore :

Then, i generated my CSR:

And I send the certreq.csr file to verisign.

Then verisign emailed me the certificate. Here the problem started, it was my fault... The documentation at the spanish site at verisign was not very good, and i wasn't very smart, so after a few problems, i decided to *delete* the keystore and create it again, with the same commands. I think this is the problem.

After that, i imported the root certificate from verisign :

After this step, I list what's in the keystore :

At this point i understand that the root certificate from the CA is properly installed and that my certificate is installed, but i still need to import the one that i have received from verisign...

So, let's import the certificate from verisign:

The translation for the error is :

By having a look at this, i assume that this maybe a problem of have reseted the keystore, am i right?

Well, in any case, the tomcat configuration for ssl is :

The tomcat configuration is correct, as long as i can start tomcat and have a proper ssl connection against the server, the problem here is the certificate (I am still using the certificate that i generated, as long as i can not import the one received from verisign).

Another thing that i tried was to create a new keystore called, and then, import on that keystore the root certificate from verisign and the certificate issued for verisign for my web, but if i do that; chaning the tomcat configuration to :

At the moment i restart tomcat, i get this:

Which is pretty funny, because if i list what is in the keystore, I get this :

Well, this is the situation, the fact is that i am *despertate* i wonder if verisign will have to send us a new certificate signed... i think that's the problem, and i have sent them a new Certification Sign Request...

Any ideas? Anything will be *very* appreciated.

Thanks in advance
Juan Antonio Gomez Moriano
Juan Antonio Gomez Moriano

Joined: Oct 27, 2007
Posts: 3
Hello there.

Finally i found the solution. As i expected, a new CSR was to be sended to the CA and signed... after that, i just install the new certificate into my keystore and everything was fine

I agree. Here's the link:
subject: Problems with SSL, certification import problems.
It's not a secret anymore!