• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
  • Tim Holloway
  • Carey Brown
  • salvin francis

SSL Question

Posts: 21003
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's pretty much it in a nutshell.

I think you may have had a problem in generating a CSR externally because the CSR must match the private key. If you generate a CSR from outside keytool, you'd have to import not only the cert chain but also the private key used to generate that CSR.

The Tomcat docs, on the other hand, start out assuming that you'll be constructing a brand-new keystore AND creating a private key (the "keygen" option) and that therefore you will be using keytool to generate CSRs that pair with that key.

SSL is basically just public/private encryption and like SSH, requires a public key to be sent to the client and a private key to decrypt what the client sent after encrypting with the public key. The main difference is that in SSL, you also have digitally-signed tokens that assert that the server is what you think it is and not some random hijacking of data streams for evil purposes.
Posts: 1679
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim. Good info!

- mike
Live ordinary life in an extraordinary way. Details embedded in this tiny ad:
Enterprise-grade Excel API for Java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!