I have to deploy a java application under tomcat. I need to have ssl on the server. In fact, the ssl is working properly, the problem is that once i have received the new certificate from a CA (verisign in my case), i am having problems in order to import thar certificate into my keystore.
Yes, i have already google it, but most of the post i have found speak about tomcat misconfiguration, which is not my case, ssl works fine, but onl with the certificate i have created (and, of course, that is not a *secure* certificate, as long as it has not been issued by a CA)
First of all, information : -All runs under Java 1.4.2 -GNU/Linux system -Tomcat 5.5 -By now, Tomcat is run by root
Now, i describe the problem:
I created my keystore :
Then, i generated my CSR:
And I send the certreq.csr file to verisign.
Then verisign emailed me the certificate. Here the problem started, it was my fault... The documentation at the spanish site at verisign was not very good, and i wasn't very smart, so after a few problems, i decided to *delete* the keystore and create it again, with the same commands. I think this is the problem.
After that, i imported the root certificate from verisign :
After this step, I list what's in the keystore :
At this point i understand that the root certificate from the CA is properly installed and that my certificate is installed, but i still need to import the one that i have received from verisign...
So, let's import the certificate from verisign:
The translation for the error is :
By having a look at this, i assume that this maybe a problem of have reseted the keystore, am i right?
Well, in any case, the tomcat configuration for ssl is :
The tomcat configuration is correct, as long as i can start tomcat and have a proper ssl connection against the server, the problem here is the certificate (I am still using the certificate that i generated, as long as i can not import the one received from verisign).
Another thing that i tried was to create a new keystore called amandris.com, and then, import on that keystore the root certificate from verisign and the certificate issued for verisign for my web, but if i do that; chaning the tomcat configuration to :
At the moment i restart tomcat, i get this:
Which is pretty funny, because if i list what is in the amandris.com keystore, I get this :
Well, this is the situation, the fact is that i am *despertate* i wonder if verisign will have to send us a new certificate signed... i think that's the problem, and i have sent them a new Certification Sign Request...
Any ideas? Anything will be *very* appreciated.
Thanks in advance Juan Antonio Gomez Moriano
Juan Antonio Gomez Moriano
Joined: Oct 27, 2007
Finally i found the solution. As i expected, a new CSR was to be sended to the CA and signed... after that, i just install the new certificate into my keystore and everything was fine
subject: Problems with SSL, certification import problems.