java ssl management - keytool assistance

Randy Jonasz rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 30 21:58:27 UTC 2010


Maybe try:

1. cd $JAVA_HOME/jre/lib/security
2. $JAVA_HOME/jre/bin/keytool -delete -alias youralias -keystore
jssecacerts -storepass yourpassword
3. $JAVA_HOME/jre/bin/keytool -importcert -alias youralias -keystore
jssecacerts -storepass yourpassword -file key_pkcs3.txt

Randy


On Tue, Nov 30, 2010 at 4:08 PM, William Muriithi
<william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hello
>
> Got a quick question.  I got an tomcat running on a box and currently
> uses a self signed certificate. We purchases a real PKCS certificate
> recently and I am struggling swapping the old self signed certificate
> for the verisign issued certificate.  Actually, java seem to have
> accepted the certificate, but after restarting tomcat, pointing
> firefox to the tomcat server still make the browser complain that the
> certificate is not valid - in another word, tomcat is still using the
> old certificate.
>
> This is how I went about it
>
> /usr/java/jdk1.6.0_21/bin/keytool -import -alias tomcat  -keystore
> /usr/java/jdk1.6.0_21/jre/lib/security/cacerts -file key_pkcs3.txt
>
> This run successfully and when I run it again, failed with an error
> message that the certificate is already installed.  Which is a
> positive thing I guess.
>
> When I run
>
> /usr/java/jdk1.6.0_21/bin/keytool -list  -keystore
> /usr/java/jdk1.6.0_21/jre/lib/security/cacerts
>
> I can see the certificate on the list.
>
> I have removed the alias that I had used to install the self signed
> certificate, but this have not helped.
>
> What could I be missing here?
>
> William
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list